89500f91dedb007a56d92524ad1f49fb5f189608bcaf7f939a85efa43fdf3875

Sharing

Copy URL

Twitter E-mail

General

Target

89500f91dedb007a56d92524ad1f49fb5f189608bcaf7f939a85efa43fdf3875
Size

87KB
MD5

f3a9ede892471f857c0dcd3d28b29276
SHA1

b8dac89bf81fd53fb95f73069a79d2b13cf950cb
SHA256

89500f91dedb007a56d92524ad1f49fb5f189608bcaf7f939a85efa43fdf3875
SHA512

feeb3285e5990aea20361c822d8157fe5512a885f61d0ababc52e2f2a49ebcf857e68e4ae7a07ce2ff4fb3ec8ce1a27ce18a2ebc3e403b299f4edd3ce4e18c9d
SSDEEP

1536:UDiSTW+xM78HeG62Sm5a1Ms+u/r27dT1bLrC+p5CfTUCnBn5VctCk7hXIvCv16eE:9+VeQlNuy7dT1bLrC+p5CfTUCnBn5Vcm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89500f91dedb007a56d92524ad1f49fb5f189608bcaf7f939a85efa43fdf3875

Files

89500f91dedb007a56d92524ad1f49fb5f189608bcaf7f939a85efa43fdf3875
.exe windows:5 windows x86 arch:x86

4df6cc9cd02ba9a70647de1165d20fac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fsutil.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_cexit
_XcptFilter
_exit
_c_exit
iswdigit
iswalpha
iswspace
exit
_wcsdup
towupper
_wctime
_snwprintf
toupper
isdigit
isalpha
swprintf
setlocale
wcsncat
wprintf
calloc
_wcsnicmp
malloc
free
wcslen
wcscpy
wcscat
_errno
_except_handler3
_wcsicmp

advapi32

OpenEventLogW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ReadEventLogW
LookupAccountSidW
CloseEventLog
LookupAccountNameW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
WriteFile
GetDateFormatW
GetTimeFormatW
GetFileSizeEx
SetThreadLocale
GetVersionExW
SetLastError
GetLastError
GetSystemInfo
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
SetFilePointerEx
SetEndOfFile
DeleteFileW
GetModuleHandleW
GetProcAddress
CreateFileW
DeviceIoControl
GetCurrentProcess
GetFullPathNameW
LocalFree
FormatMessageW
FileTimeToSystemTime
GetDiskFreeSpaceExW
QueryPerformanceCounter
GetTickCount
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateHardLinkW

ntdll

RtlNtStatusToDosError
NtOpenFile
RtlInitUnicodeString
NtSetVolumeInformationFile
NtQueryVolumeInformationFile
RtlTimeToSecondsSince1970
RtlLengthSid
NtQueryQuotaInformationFile
NtSetQuotaInformationFile
NtQueryInformationFile
RtlTimeToTimeFields

ole32

StringFromIID
CoTaskMemFree

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4df6cc9cd02ba9a70647de1165d20fac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdll

ole32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 55KB - Virtual size: 151KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 55KB - Virtual size: 151KB