87bb37e3fdbf99b384c2feacd0f798183e28dd34fc27f4fa24816bda229ff94e

Sharing

Copy URL

Twitter E-mail

General

Target

87bb37e3fdbf99b384c2feacd0f798183e28dd34fc27f4fa24816bda229ff94e
Size

21KB
MD5

7f8702682b8d9cc2ab4220826173d720
SHA1

31ca632120855a2da43341cf40e0db95d8cd1653
SHA256

87bb37e3fdbf99b384c2feacd0f798183e28dd34fc27f4fa24816bda229ff94e
SHA512

a817fb3a85c066a61a40776ac9204afc555418502dd8e1ae8de6a159a33c7b901163c37a432c421acc9fadec9d5094497e0e6df945b72651206236b9aa7b0f5b
SSDEEP

384:6nlGNB9FpNzcHMJWEOXI2f6T2Rb/lFLqAhaqOKvHntZ7OVvfz+WyxylWJWdxlXWV:El29N4sEZM2nD9YVRVa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87bb37e3fdbf99b384c2feacd0f798183e28dd34fc27f4fa24816bda229ff94e

Files

87bb37e3fdbf99b384c2feacd0f798183e28dd34fc27f4fa24816bda229ff94e
.exe windows:5 windows x86 arch:x86

34931155f233d76ee8ff785b13b2d649

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
SetFileAttributesW
GetFileAttributesW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
GetTempFileNameW
GetCommandLineW
FormatMessageW
GetModuleHandleW
MultiByteToWideChar
GetStdHandle
GetFileType
WriteConsoleW
SetLastError
LoadLibraryW
FreeLibrary
SetThreadUILanguage
lstrcpyW
CopyFileW
ExpandEnvironmentStringsW
GetLastError
LocalAlloc
DeleteFileW
lstrcatW
LocalFree
GetConsoleOutputCP
lstrcpynW

msvcrt

__p__commode
__p__fmode
__setusermatherr
_initterm
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcscpy
setlocale
_snwprintf
_wsetlocale
wcscat
wcsrchr
_iob
fflush
fgetwc
_wcsnicmp
iswspace
fwprintf
vswprintf
vfwprintf
free
malloc
fprintf
_wcsdup

advapi32

SetFileSecurityW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegUnLoadKeyW
GetFileSecurityW
RegLoadKeyW
RegSaveKeyW
RegCloseKey

tsappcmp

GetTermsrCompatFlags

user32

LoadStringW

utildll

TestUserForAdmin

ntdll

wcslen
wcschr
_ultoa
wcscmp
wcstoul
wcsncpy
wcstol
memmove
_wcslwr
RtlFreeHeap
NtOpenProcessToken
NtAdjustPrivilegesToken
NtEnumerateKey
RtlInitUnicodeString
NtOpenKey
NtClose
NtDeleteKey
RtlAllocateAndInitializeSid
RtlAllocateHeap

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34931155f233d76ee8ff785b13b2d649

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

tsappcmp

user32

utildll

ntdll

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 101KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 101KB