f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9

Sharing

Copy URL

Twitter E-mail

General

Target

f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
Size

311KB
MD5

c97388da696eb8faa014fe1bfd156874
SHA1

855a68cc100fae5e51a9cb1f79c80ce0989e00ed
SHA256

f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
SHA512

d01f4d789c2102d8d50b237360dba661a0970c8625dacaf36385792eb2723cd7301642f8d41fb15f90393c7c4b792a585ccc6b6bc3020a3e96f41d0d6178af4d
SSDEEP

3072:ukqx3j3DBWYiAVf/45nW6q8eEaoHiskQIUITJBKSvB4bqq5jS3Me308TXGs/N:uj3pndf/2W6gEaokhBPvBzee35V/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9

Files

f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
.exe windows:5 windows x86 arch:x86

bf8b01fbb1a38071f749a4a4332fa4ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
WriteConsoleInputW
AllocConsole
CommConfigDialogA
SetEndOfFile
LocalCompact
LoadLibraryExW
GetProcessPriorityBoost
LoadLibraryW
IsBadCodePtr
GetModuleFileNameW
GetACP
ReplaceFileA
CreateDirectoryA
GetLastError
SetLastError
GetProcAddress
CreateFileA
GlobalFree
CreateFileMappingA
LocalAlloc
CreateEventW
GlobalFindAtomW
EnumResourceTypesW
GetWindowsDirectoryW
SetFileAttributesW
RaiseException
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
CreateJobSet
GetDateFormatW
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
HeapCreate
EncodePointer
HeapFree
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
HeapSize

user32

GetClassInfoW
InsertMenuItemW
CharUpperBuffA
SetCursorPos
GetCaretPos
GetMessageTime
GetKeyboardLayoutNameA

advapi32

ClearEventLogA

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 28.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf8b01fbb1a38071f749a4a4332fa4ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 146KB - Virtual size: 28.4MB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 146KB - Virtual size: 28.4MB

.rsrc
Size: 16KB - Virtual size: 16KB