243a89eb3bfc99f8cd6091f87e7fbd0fb9174fb77985b0899c2c736ec789ab66

Sharing

Copy URL Twitter E-mail

General

Target

243a89eb3bfc99f8cd6091f87e7fbd0fb9174fb77985b0899c2c736ec789ab66
Size

19KB
MD5

a064c1e07c814efad9f9d5e75cd71664
SHA1

f388db7fc2b0757a811d0e6164e7de388405449b
SHA256

243a89eb3bfc99f8cd6091f87e7fbd0fb9174fb77985b0899c2c736ec789ab66
SHA512

05b0b984f10205d472842225354e369bba7b250991725638a90952f9b4ddf7c75d55c40a2d36af4ab188cfd863d17185905adb6fe3da6c6c11dc4dbdc37203e9
SSDEEP

384:GoIVDhDDtnfko2uIOwtpFUNIOQ//h8mnK/iWSuPFWQWDuM3Wk:nyFDD5MLjV/0Zeb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
243a89eb3bfc99f8cd6091f87e7fbd0fb9174fb77985b0899c2c736ec789ab66

Files

243a89eb3bfc99f8cd6091f87e7fbd0fb9174fb77985b0899c2c736ec789ab66
.exe windows:5 windows x86 arch:x86

d763aeb911b9dd6e2e684db447aeffa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

quser.pdb

Imports

winsta

WinStationEnumerateW
WinStationQueryInformationW
WinStationFreeMemory
WinStationOpenServerW

utildll

StrConnectState
GetUnknownString

user32

wvsprintfW
CharToOemW
wsprintfW
LoadStringW

kernel32

SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
lstrcpynW
GetFileAttributesW
GetCommandLineW
VerSetConditionMask
VerifyVersionInfoW
GlobalFree
GetTimeFormatW
GlobalAlloc
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
GetLastError
SetThreadUILanguage
GetConsoleOutputCP
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar
GetACP
GetOEMCP
LocalFree
LocalAlloc
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleW
FormatMessageW

ntdll

memmove
wcstoul
wcscmp
_wcsnicmp
iswdigit
wcstol
wcsncpy
wcscat
_ultoa
wcschr
wcslen
_snwprintf
wcscpy
_chkstk
_wcslwr
RtlExtendedLargeIntegerDivide

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_wcsdup
fwprintf
_iob
fprintf
_wsetlocale
setlocale
printf
wprintf
malloc
vswprintf
free
vfwprintf

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d763aeb911b9dd6e2e684db447aeffa8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winsta

utildll

user32

kernel32

ntdll

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 100KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 100KB