86c5d9a69a1a1a2a07546eeda8f8a7907b2d21a0648b41125fca11976b469619

General

Target

86c5d9a69a1a1a2a07546eeda8f8a7907b2d21a0648b41125fca11976b469619
Size

3.6MB
MD5

1b76d9cbe11016800c5fe900b115d3d7
SHA1

b0002778a6ca7a2516b7789696a104827cda21a0
SHA256

86c5d9a69a1a1a2a07546eeda8f8a7907b2d21a0648b41125fca11976b469619
SHA512

d79b0bc837ebb93c7ea4c45a9f6f78b6a6cbb99883b5b51b20d7925fee669f55ab5e41486c4a6caf076ec9ece0d70a34310383adc1199b797a0fa44077436cc8
SSDEEP

98304:yLh/hGQJS3vJd4vItCLMZG9J9QHIKiy0M:yLh/hxJS39kLMWMohy0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86c5d9a69a1a1a2a07546eeda8f8a7907b2d21a0648b41125fca11976b469619

Files

86c5d9a69a1a1a2a07546eeda8f8a7907b2d21a0648b41125fca11976b469619
.exe windows:6 windows x64 arch:x64

901801ef680a95673f65e65bc561d47e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

OpenSCManagerW

shell32

ShellExecuteExW

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zk0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zk1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

901801ef680a95673f65e65bc561d47e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

user32

Sections

.text Size: - Virtual size: 74KB

.rdata Size: - Virtual size: 40KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 4KB

_RDATA Size: - Virtual size: 252B

.zk0 Size: - Virtual size: 1.6MB

.zk1 Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 403KB - Virtual size: 402KB

.text
Size: - Virtual size: 74KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 4KB

_RDATA
Size: - Virtual size: 252B

.zk0
Size: - Virtual size: 1.6MB

.zk1
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 403KB - Virtual size: 402KB