556ae415dfdfe9ef482c36b642bc4fae6c3ee2d348dff8588924c588b4b232a7

Sharing

Copy URL Twitter E-mail

General

Target

556ae415dfdfe9ef482c36b642bc4fae6c3ee2d348dff8588924c588b4b232a7
Size

76KB
MD5

80f42d4be94397735002824dad2abc9d
SHA1

aa167890c457bb95dc449d9467cd81f5ef050bea
SHA256

556ae415dfdfe9ef482c36b642bc4fae6c3ee2d348dff8588924c588b4b232a7
SHA512

4fdaf4062d89c356699521fdf8693ce0d12902178afec61c85473af1b5c3befc90fa6a1ff41fd1d5ad541dea9d9c7f31abe5a20a2fd8b68b6291d9d26491b0e5
SSDEEP

768:Ro2hltI7Jw6S/Ev/moT6XNSDvApluoozVX0OpPryiB9VtnDKJiSCMhtwZl:Roi6N/moTe3Y0OR3nc9lt8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556ae415dfdfe9ef482c36b642bc4fae6c3ee2d348dff8588924c588b4b232a7

Files

556ae415dfdfe9ef482c36b642bc4fae6c3ee2d348dff8588924c588b4b232a7
.exe windows:4 windows x86 arch:x86

9406de4a61eebbe7a281dfe391bfa2cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcpynA
WideCharToMultiByte
Process32First
Process32Next
CreateProcessA
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
Module32First
HeapFree
IsBadReadPtr
GetProcAddress
LocalFree
GetCommandLineW
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
FreeLibrary
LoadLibraryA
CreateToolhelp32Snapshot
CloseHandle
HeapReAlloc
GetLastError
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW

ws2_32

WSAGetLastError

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shlwapi

PathRemoveBackslashA
PathRemoveFileSpecA
PathFindFileNameA
PathFileExistsA

user32

wsprintfA
MessageBoxA

shell32

CommandLineToArgvW

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9406de4a61eebbe7a281dfe391bfa2cd

Headers

File Characteristics

Imports

kernel32

ws2_32

advapi32

shlwapi

user32

shell32

oleaut32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 1KB