970c79e85f49c3cb6cb57c7b82f15ed0aa60acfcd0c983e979bfc4fa9009d97f

Sharing

Copy URL Twitter E-mail

General

Target

970c79e85f49c3cb6cb57c7b82f15ed0aa60acfcd0c983e979bfc4fa9009d97f
Size

51KB
MD5

5f349e256b256fcf6f57afe7066ec17d
SHA1

9604f3c51963e35665e16927ba4816e0567ee7f2
SHA256

970c79e85f49c3cb6cb57c7b82f15ed0aa60acfcd0c983e979bfc4fa9009d97f
SHA512

c28b6cab7d1b6025a1da1c82e7ca20641c31a5b7bb2604bdd6e813bbecef116f43a6f4db3babb2c65c983807664d00edb458691aa14ed3514998ac91c291ec43
SSDEEP

1536:zUCd4EX0JOTb7ji5A6WT2Hkd/J/L8j1EXFOpzx:wCd4gr/7W5A6WT2HU/JohAFOJx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
970c79e85f49c3cb6cb57c7b82f15ed0aa60acfcd0c983e979bfc4fa9009d97f

Files

970c79e85f49c3cb6cb57c7b82f15ed0aa60acfcd0c983e979bfc4fa9009d97f
.exe windows:5 windows x64 arch:x64

9972672f9e6f84f790abde1d9c8663ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupCloseInfFile
SetupGetLineTextA
SetupFindNextLine
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiDeleteDeviceInfo
SetupCopyOEMInfA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupOpenInfFileA
SetupFindFirstLineA
SetupGetStringFieldA

kernel32

IsDebuggerPresent
HeapReAlloc
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
HeapAlloc
Sleep
HeapFree
GetLastError
SetLastError
lstrlenA
lstrcmpiA
LocalAlloc
LocalFree
CompareStringA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
lstrcatA
GetModuleFileNameA
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
DeleteFileA
GetCommandLineA
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
RtlUnwindEx
GetProcAddress
GetModuleHandleW
ExitProcess
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter

user32

GetDesktopWindow

newdev

UpdateDriverForPlugAndPlayDevicesA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9972672f9e6f84f790abde1d9c8663ae

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

newdev

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB