fba4162c970f6e62f647d674778c1dca167e00d6834cc666ce19a6ef4469d26b

Sharing

Copy URL Twitter E-mail

General

Target

fba4162c970f6e62f647d674778c1dca167e00d6834cc666ce19a6ef4469d26b
Size

354KB
MD5

f3792e18cc8e6e5ab2c660f8c5ceffab
SHA1

7d54e2ad0c802d60a0b65017c957a34ab85b146d
SHA256

fba4162c970f6e62f647d674778c1dca167e00d6834cc666ce19a6ef4469d26b
SHA512

9e9bc30a6091e26f4d1f422f05363edc451d89f386bd124e5fa10c5724038f7075aad8d9c4ad7b7298951757dcd056a1344b998979e47f5c388bb0d948e39f1b
SSDEEP

6144:iBC49711mAEPcA+oeA06wifR/uxhQhrew1NK1uFQc:iBC49711mAEPcA+2uxhQhrZK1uH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fba4162c970f6e62f647d674778c1dca167e00d6834cc666ce19a6ef4469d26b

Files

fba4162c970f6e62f647d674778c1dca167e00d6834cc666ce19a6ef4469d26b
.exe windows:6 windows x86 arch:x86

d87b67d2651d24d40a17a4c6b40489b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
ReadFile
ReadConsoleW
SetConsoleCtrlHandler
WideCharToMultiByte
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
GetModuleFileNameW
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
OutputDebugStringW
EncodePointer
DecodePointer
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCurrentThread
GetFileAttributesExW
CreateDirectoryW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
TerminateProcess
ExitProcess
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetVersionExA
GetVersion
GetCurrentProcess
Sleep
GetLastError
GetProcessHeap
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
SetEnvironmentVariableW

user32

wsprintfA

advapi32

QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
ChangeServiceConfigA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyExA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
LookupAccountSidA
GetFileSecurityA
IsValidSecurityDescriptor
IsValidAcl
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d87b67d2651d24d40a17a4c6b40489b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 552B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 552B

.reloc
Size: 9KB - Virtual size: 9KB