b081324f8765899a54af94dc276caa112b4ced60313a7cd9392e95cc8bdb4d49

Sharing

Copy URL Twitter E-mail

General

Target

b081324f8765899a54af94dc276caa112b4ced60313a7cd9392e95cc8bdb4d49
Size

24KB
MD5

e18128212d9c8dcfe1e17cc458de6ec1
SHA1

13b1e5d93a1f88b3dc042d77180e3be5a796adb5
SHA256

b081324f8765899a54af94dc276caa112b4ced60313a7cd9392e95cc8bdb4d49
SHA512

5d9bef7c726919054ad6be8983089086ea18e3012e136a5eb216a290f3a2662de66d835c3c0bda960ba06332af18f63c21680ba6bca552ab8387504a5756103d
SSDEEP

384:bIVBSVM5psBi0y2nPdHVvG4z9KAbvqSVT28EyN6mz81TxLjMqQLh:sVaBiGVvG5QvqSVmyhSTxkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b081324f8765899a54af94dc276caa112b4ced60313a7cd9392e95cc8bdb4d49

Files

b081324f8765899a54af94dc276caa112b4ced60313a7cd9392e95cc8bdb4d49
.exe windows:4 windows x86 arch:x86

daf2e0cff39260a75ea41b32abef5d99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ProcessIdToSessionId
LoadLibraryA
CreateProcessA
GetCurrentThread
Module32Next
Module32First
LocalFree
GetExitCodeProcess
GetModuleHandleW
VirtualQuery
GetEnvironmentVariableA
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetStartupInfoA
Process32FirstW
Process32NextW
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
GetLastError
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateNamedPipeA
CreateEventA
ConnectNamedPipe
WaitForSingleObject
DisconnectNamedPipe
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetVersionExA
GetCurrentThreadId
GetLocalTime
Sleep
OutputDebugStringA
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
CloseHandle
CopyFileA
DeleteFileA
TerminateProcess

user32

GetWindowThreadProcessId
ExitWindowsEx
FindWindowW
PostMessageA
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows

advapi32

LookupPrivilegeValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyA
RegDeleteKeyA
RegEnumKeyExA
RegSetKeySecurity
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteValueA
RegEnumValueA

shlwapi

StrTrimA

msvcrt

??3@YAXPAX@Z
_snprintf
??2@YAPAXI@Z
_wcsicmp
__CxxFrameHandler
atoi
free
malloc
_vsnprintf
strchr
strrchr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
_strnicmp
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strncat
strncpy
strstr
iscntrl
__getmainargs

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

iphlpapi

GetTcpTable
SetTcpEntry

msvcp60

??0Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daf2e0cff39260a75ea41b32abef5d99

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

psapi

iphlpapi

msvcp60

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 896B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 896B