E:\project\sk_skfp\AisinoInvoice\Bin\skfpShell.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 66249031b065c96ccd2ab88cd1b04cc8bae88f2bb880e838da67bbc1686811a8.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 66249031b065c96ccd2ab88cd1b04cc8bae88f2bb880e838da67bbc1686811a8.exe
  Resource: win10v2004-20240802-en
General
Target: 66249031b065c96ccd2ab88cd1b04cc8bae88f2bb880e838da67bbc1686811a8
Size: 243KB
MD5: eabe5707e393f026aac38fcacaa63443
SHA1: 2153519b351e88cf226534e701f1b00cfbeee4e8
SHA256: 66249031b065c96ccd2ab88cd1b04cc8bae88f2bb880e838da67bbc1686811a8
SHA512: dcad615e20ec5273201057798af7416ec63f3a3e4d454542a3611161062931b380bf2f2817c633f813d8d46a78c2531d24cc3c86118d2c9c45ed77b8c0b50d48
SSDEEP: 3072:poIp1wa9ein7aH6L50tm9gYytxV81tTIKbhEXI4o5laYaQ2F0iqplb+vK3yi+xO8:poIphOa2V6tTISIi5l1DiqjbYONa
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 66249031b065c96ccd2ab88cd1b04cc8bae88f2bb880e838da67bbc1686811a8
Files
- 66249031b065c96ccd2ab88cd1b04cc8bae88f2bb880e838da67bbc1686811a8.exe  windows:5  windows  x86  arch:x86
  7410597d5dc421ad6164bf650d9c8ee7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
WinExec
DisconnectNamedPipe
CreateMutexA
GetModuleFileNameA
GetModuleFileNameW
CreateFileA
WaitNamedPipeA
WideCharToMultiByte
SetLocaleInfoA
GetSystemDefaultLCID
CreateToolhelp32Snapshot
RaiseException
Process32Next
LocalAlloc
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
lstrcpyW
CreateFileW
lstrlenA
SetEnvironmentVariableA
SetEndOfFile
OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
InterlockedDecrement
Process32First
DecodePointer
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
EncodePointer
MultiByteToWideChar
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
GetCurrentThreadId
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
SetFilePointerEx
GetTimeZoneInformation
user32
SendMessageA
FindWindowA
SetForegroundWindow
ShowWindow
shell32
ShellExecuteA
oleaut32
VariantClear
SysAllocString
SysFreeString
crypt32
CertGetNameStringA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CryptQueryObject
Sections
.text Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ