8d784af9aaae89867e78c0f3749789dbaf1026e56184c4c40f31c8e5a0af57c0

Sharing

Copy URL Twitter E-mail

General

Target

8d784af9aaae89867e78c0f3749789dbaf1026e56184c4c40f31c8e5a0af57c0
Size

6.4MB
MD5

a4bb26c9904d240f57602ba0a4bbdad4
SHA1

4a7f0d608614748ed56f7169baa5727c72835f0d
SHA256

8d784af9aaae89867e78c0f3749789dbaf1026e56184c4c40f31c8e5a0af57c0
SHA512

f1ba03843c213b55052913792afd42b67b0337c91147ade6a8b447c8123cfe2fcb9c1335a5467739c895d5fec7d401556187698ea5ab331e825770e53a00e7da
SSDEEP

98304:WkHxlKzsdMOE0TXFVYrF0bv9JMh0TnLPM4TYxtfH/s8Aay9Y9S+OYn9H/w:WkRlKzAMF0TPYrOtDLPbYnHn4uzOY9Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d784af9aaae89867e78c0f3749789dbaf1026e56184c4c40f31c8e5a0af57c0

Files

8d784af9aaae89867e78c0f3749789dbaf1026e56184c4c40f31c8e5a0af57c0
.exe windows:5 windows x86 arch:x86

693db42152ed10b81a5169c34b8891d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_EH_prolog
__CxxFrameHandler3
memcmp
memchr
strncpy
malloc
_wtoi64
atexit
??_V@YAXPAX@Z
memset
strcpy_s
strtok_s
memmove
strchr
memcpy
strcat
??_U@YAPAXI@Z
wcslen
strlen

kernel32

IsProcessorFeaturePresent
LoadLibraryW
ExitProcess
GetCurrentProcess
HeapAlloc
GetProcessHeap
lstrlenA
HeapFree
ReadProcessMemory
VirtualQueryEx
GetComputerNameA
FileTimeToSystemTime
CloseHandle
WaitForSingleObject
CreateThread
GetDriveTypeA
GetLogicalDriveStringsA
CreateDirectoryA
LoadLibraryA
GetStringTypeW
Sleep
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetModuleFileNameW
GetStdHandle
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
OpenProcess
RaiseException
EncodePointer
GetLastError
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
WriteFile
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfW
CharToOemA

advapi32

RegGetValueA
GetCurrentHwProfileA
RegOpenKeyExA
GetUserNameA

shell32

SHFileOperationA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

ord155

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp®@�
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp®@�
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp®@�
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

693db42152ed10b81a5169c34b8891d0

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

Sections

.text Size: - Virtual size: 135KB

.rdata Size: - Virtual size: 45KB

.data Size: - Virtual size: 2.1MB

.vmp®@� Size: - Virtual size: 3.0MB

.vmp®@� Size: 1024B - Virtual size: 808B

.vmp®@� Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 733KB

.text
Size: - Virtual size: 135KB

.rdata
Size: - Virtual size: 45KB

.data
Size: - Virtual size: 2.1MB

.vmp®@�
Size: - Virtual size: 3.0MB

.vmp®@�
Size: 1024B - Virtual size: 808B

.vmp®@�
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 733KB