9d743aa16f5bc035ba47dfc8789c990aee8f1e99bc5ca44a85e9195a6a32bf83

Sharing

Copy URL Twitter E-mail

General

Target

9d743aa16f5bc035ba47dfc8789c990aee8f1e99bc5ca44a85e9195a6a32bf83
Size

7.0MB
MD5

c6e84ba1f9383cc1f2a0e002a0bd39a6
SHA1

5cc9c5aa3169d9d84bbfe6df016ec31fe0df4e0e
SHA256

9d743aa16f5bc035ba47dfc8789c990aee8f1e99bc5ca44a85e9195a6a32bf83
SHA512

daeb94385d3da7655aa6546ecbc08d8a00851e62426b3d92a3c3b7b0852ef7377c2375bc826be88fb1c341883c2649517bf36cb7bd93f512910c82092ad7ab7c
SSDEEP

196608:IEfLxpTXpFlcs89uq/8cb390w+Wl333ixYV8ETpeulT/z/eG:nLHaFg4b390w+WdCxYVReulT/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d743aa16f5bc035ba47dfc8789c990aee8f1e99bc5ca44a85e9195a6a32bf83

Files

9d743aa16f5bc035ba47dfc8789c990aee8f1e99bc5ca44a85e9195a6a32bf83
.exe windows:6 windows x86 arch:x86

787a356a37e7a5d25be810fd1d6e5efd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
OutputDebugStringW
HeapSize
GetCurrentThreadId
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
GetLastError
GetCommandLineA
GetEnvironmentStringsW
GetSystemDefaultLangID
Sleep
GetSystemTime
FindClose
GlobalFree
EnterCriticalSection
GetSystemTimeAdjustment
TlsSetValue
GetModuleHandleW
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcess
GetCommandLineW
CloseHandle
GetVersionExA
GetACP
GetCurrentProcessId
GetTickCount
ReadFile
GetModuleFileNameW
WideCharToMultiByte
EncodePointer
DecodePointer
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
RaiseException
RtlUnwind
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsFree
GetStartupInfoW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WriteFile

user32

GetClientRect
CreateMenu
WaitMessage
CheckMenuRadioItem
ShowWindow
DrawMenuBar
FlashWindow
DispatchMessageA
DeferWindowPos
UpdateWindow
DestroyIcon
TranslateMDISysAccel
RegisterClassA
GetParent
ShowCursor
CreateWindowExA
EnableScrollBar
AdjustWindowRect
IsRectEmpty
SetWindowTextA

gdi32

MoveToEx
SetTextColor
Polygon
GetWinMetaFileBits
CreatePenIndirect
Rectangle
SetTextAlign
GetPixel
SetWinMetaFileBits
GetBkMode
CreateFontIndirectA
CreateHalftonePalette
GetEnhMetaFileHeader
ExtCreateRegion
StretchDIBits
SetPaletteEntries
Polyline
RestoreDC
EnumFontsA
GetBitmapBits

advapi32

RegQueryValueExA
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumKeyA

shell32

ShellExecuteExW
CommandLineToArgvW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

787a356a37e7a5d25be810fd1d6e5efd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 5.7MB - Virtual size: 5.7MB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 5.7MB - Virtual size: 5.7MB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 31KB - Virtual size: 30KB