792fff0cbe7ef79c12b51089b334101ccf0ab938905b40282aaf8b7ee9b73ce6

Sharing

Copy URL

Twitter E-mail

General

Target

792fff0cbe7ef79c12b51089b334101ccf0ab938905b40282aaf8b7ee9b73ce6
Size

28KB
MD5

57f9a42e5653f6e741d04819d4a798c2
SHA1

4d29114b36d602a564750997ae50667d437ec1e1
SHA256

792fff0cbe7ef79c12b51089b334101ccf0ab938905b40282aaf8b7ee9b73ce6
SHA512

eb25446c0fb01a237b232ef07107a1c83b741872b5830bb17a2e579d83324ebb9d1cc3f43406347984f55b78232d3db7c655179a1ddd87ca002fcef03ec21eba
SSDEEP

384:iFM+uQZRtFagXYfKT2ECJhbqvFbAGwZmTM/hGPDcG2WS9FLNIA/jVcG7ZabmmIJG:XDWXYiit3kFAPSgGa9FLX/hcOAbmm/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
792fff0cbe7ef79c12b51089b334101ccf0ab938905b40282aaf8b7ee9b73ce6

Files

792fff0cbe7ef79c12b51089b334101ccf0ab938905b40282aaf8b7ee9b73ce6
.exe windows:5 windows x86 arch:x86

8dbb6288405ffd9d0f3e204c8c68b8b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sdbinst.pdb

Imports

msvcrt

_XcptFilter
_exit
_c_exit
tolower
_wfullpath
wcscmp
??2@YAPAXI@Z
_cexit
wcsspn
_wcsicmp
wcschr
wcslen
_wcsnicmp
wcsrchr
_vsnwprintf
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_vsnprintf
??3@YAXPAX@Z

advapi32

RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyA
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryInfoKeyW

kernel32

FindFirstFileW
FindClose
FindNextFileW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
DeleteFileW
GetFileAttributesW
CreateDirectoryW
GetLastError
ExpandEnvironmentStringsW
WriteFile
LocalFree
CloseHandle
SetFileAttributesW
CopyFileW
GetSystemTimeAsFileTime
GetCommandLineW
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateFileW
OutputDebugStringA
GetSystemWindowsDirectoryW

user32

MessageBoxW
LoadStringW

apphelp

SdbFindNextTag
SdbReadDWORDTag
SdbGetStringTagPtr
SdbGetBinaryTagData
SdbFindFirstTag
SdbReadBinaryTag
SdbCloseDatabase
SdbUnregisterDatabase
SdbOpenDatabase
SdbRegisterDatabaseEx

shell32

CommandLineToArgvW

ntdll

RtlGUIDFromString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
NtDeleteKey

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8dbb6288405ffd9d0f3e204c8c68b8b5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

apphelp

shell32

ntdll

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 36KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 36KB