19b1236aa8012e15fe9f43ee811f10e96da52ed9ffd69e817045bf49af629470

Sharing

Copy URL Twitter E-mail

General

Target

19b1236aa8012e15fe9f43ee811f10e96da52ed9ffd69e817045bf49af629470
Size

160KB
MD5

1b9ec93414e9aa2c4dab8733e8a59b8d
SHA1

bef6053cf2a86b4f210e2a3a39d5a1edd5a00674
SHA256

19b1236aa8012e15fe9f43ee811f10e96da52ed9ffd69e817045bf49af629470
SHA512

09b3246d2bb988fafd434f9f0187ffab43ac243f86142235f5de3dceb45159c2acda6a4ff11ad5a6f10c255e23b70d86ef28cb8cca9271946de8b5a8c220a867
SSDEEP

3072:cAcOagmcHMMDjnFNyLSCEz5a7idzmAvUha5cA8hA:F/fHMMDjnFkGlzoySDhA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19b1236aa8012e15fe9f43ee811f10e96da52ed9ffd69e817045bf49af629470

Files

19b1236aa8012e15fe9f43ee811f10e96da52ed9ffd69e817045bf49af629470
.exe windows:5 windows x86 arch:x86

3d34f45a73ac1c108128ea17d8103141

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
lstrcmpiA
GetPrivateProfileSectionA
OpenProcess
Process32Next
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
ReadFile
GetFileSize
LocalAlloc
GetLogicalDriveStringsA
GetDriveTypeA
HeapReAlloc
lstrcatA
lstrcmpA
SetPriorityClass
SetErrorMode
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesA
GetFileAttributesW
GetWindowsDirectoryA
GetSystemDirectoryA
MultiByteToWideChar
ExpandEnvironmentStringsW
lstrlenW
ExpandEnvironmentStringsA
lstrcpyW
lstrlenA
GetPrivateProfileStringA
CreateMutexA
GetLastError
lstrcpyA
GetModuleFileNameA
DeleteFileA
GetCommandLineA
SearchPathA
GetProcessHeap
HeapAlloc
HeapFree
GetSystemDefaultLangID
GetComputerNameA
GetLocaleInfoA
lstrcpynA
GetCurrentThread
WideCharToMultiByte
GetVersionExA
Sleep
GetStartupInfoA
GetModuleHandleA
VirtualProtect
GetCurrentProcessId
GetLocalTime
SetFilePointer
WriteFile
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetStdHandle
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTempPathA
GetTempFileNameA
DeviceIoControl
CloseHandle
CreateFileA
GetVersion
SetLastError
GetCurrentProcess

user32

CharLowerA
wsprintfA
CharUpperA
ExitWindowsEx
ShowWindow
LoadStringA
wsprintfW

advapi32

CheckTokenMembership
GetTokenInformation
OpenThreadToken
CreateWellKnownSid
DuplicateToken
GetUserNameA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetSpecialFolderPathA
ord680

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoFreeUnusedLibraries

k7avwscn

K7ScanUI_RunScanner

ntdll

RtlUnwind
NtQueryInformationFile

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d34f45a73ac1c108128ea17d8103141

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

k7avwscn

ntdll

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 11KB - Virtual size: 63KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 11KB - Virtual size: 63KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB