f0590401d3e8a50898c94cfbd99d3e658625771d2ce4253ee2b3444c5b1aadaa

Sharing

Copy URL Twitter E-mail

General

Target

f0590401d3e8a50898c94cfbd99d3e658625771d2ce4253ee2b3444c5b1aadaa
Size

96KB
MD5

b6975a2b0be7f10a57f184ba1a69f365
SHA1

59f364e05b8b1140b266cac0c05d557ff8a9439c
SHA256

f0590401d3e8a50898c94cfbd99d3e658625771d2ce4253ee2b3444c5b1aadaa
SHA512

de4b51d92395f927b4de17eca92582fa89b79f2f0f9340e17b69692a9e25b0a557366fcf97cf2f1516d0b0992842a5f3b7dec62cba6809d3f9f7ba1ee4ba17bd
SSDEEP

1536:BOXklFDgBfJVIclkbGIK5ainjaO1tjyZtE1iF:s0IZ1kb/IjagOZtE1iF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0590401d3e8a50898c94cfbd99d3e658625771d2ce4253ee2b3444c5b1aadaa

Files

f0590401d3e8a50898c94cfbd99d3e658625771d2ce4253ee2b3444c5b1aadaa
.exe windows:4 windows x86 arch:x86

7dfa756e5b391f186018dc80d1088bcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fastpic_ext_process.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
GetLastError
FindResourceExW
GetModuleFileNameW
LoadLibraryW
LoadResource
LockResource
SizeofResource
FindResourceW
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA

shell32

ord680
ShellExecuteW

shlwapi

PathFileExistsW

user32

UnregisterClassA

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dfa756e5b391f186018dc80d1088bcc

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

user32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 880B

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 880B