11f8aef129aa4618855c272655123dc79d9a2e378f80becc930aab81ab70ce63

Sharing

Copy URL Twitter E-mail

General

Target

11f8aef129aa4618855c272655123dc79d9a2e378f80becc930aab81ab70ce63
Size

314KB
MD5

d24c7626e6deb48675c2abd1ce47f7b9
SHA1

03658848f51ecc57b0a5efaf55304977057c6bd8
SHA256

11f8aef129aa4618855c272655123dc79d9a2e378f80becc930aab81ab70ce63
SHA512

2515882e6b7a4ce59e4e67cfe7db2246bdc1381728492f3dc653a3ad9a4b2e51518f6aacca103d0ca76bf4a5cd4633e3698979280b69484ebf8a781604abf3fe
SSDEEP

6144:7rNHgxFQebEXcuu9ublwMcr3synEL5YDWmk0QfPEKjIMZ6ATotHze:7rNHDXcuukuXrpVDeEKjLJotH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11f8aef129aa4618855c272655123dc79d9a2e378f80becc930aab81ab70ce63

Files

11f8aef129aa4618855c272655123dc79d9a2e378f80becc930aab81ab70ce63
.exe windows:4 windows x86 arch:x86

b214c860a7d1d90f155873d4f9b26e33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\klte

Imports

kernel32

HeapSize
ExitProcess
EnumSystemLocalesA
GetVersionExA
CloseHandle
GetSystemInfo
LoadLibraryA
GetUserDefaultLCID
GetCurrentThreadId
GetLastError
TerminateProcess
GetTickCount
ReadFile
QueryPerformanceCounter
FreeEnvironmentStringsA
GetProcAddress
GetACP
TlsAlloc
CompareStringA
GetCurrentProcess
MultiByteToWideChar
HeapDestroy
GetStdHandle
OpenMutexA
SetEnvironmentVariableA
GetLocaleInfoW
GlobalFlags
LeaveCriticalSection
CreateMutexA
ConnectNamedPipe
GetLocaleInfoA
RtlUnwind
TlsFree
VirtualProtect
SetHandleCount
InterlockedExchange
DeleteCriticalSection
GetCurrentProcessId
SetLastError
FreeEnvironmentStringsW
GetCurrentThread
GetCommandLineA
GetDateFormatA
GetFileType
GetTimeZoneInformation
IsValidLocale
IsValidCodePage
GetStringTypeW
GetEnvironmentStrings
GetCPInfo
GetTimeFormatA
GetStartupInfoA
GetModuleFileNameA
HeapReAlloc
GetPrivateProfileIntA
GetEnvironmentStringsW
CompareStringW
VirtualAlloc
LCMapStringA
VirtualQuery
EnterCriticalSection
InitializeCriticalSection
TlsGetValue
IsBadWritePtr
WideCharToMultiByte
ExpandEnvironmentStringsW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapAlloc
WriteFile
GetStringTypeA
SetFilePointer
GetModuleHandleA
TlsSetValue
HeapCreate
HeapFree
FlushFileBuffers
SetStdHandle
LCMapStringW
GetOEMCP
VirtualFree

user32

ClientToScreen
CreateWindowExA
SendNotifyMessageA
RegisterClassExA
WinHelpA
CharLowerBuffA
OpenClipboard
ClipCursor
PostQuitMessage
DefWindowProcA
TranslateAcceleratorA
DdeGetLastError
OpenInputDesktop
MessageBoxA
UnhookWindowsHook
DdeFreeDataHandle
ReplyMessage
GetDoubleClickTime
CharLowerBuffW
DrawMenuBar
ShowWindow
EnumThreadWindows
GetMenuItemInfoW
GetParent
RegisterClassA

comctl32

InitCommonControlsEx

advapi32

LookupAccountSidW
CryptEnumProvidersA
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExA
CreateServiceA
RevertToSelf
CryptSetProviderW
CryptVerifySignatureA
RegLoadKeyW
CryptContextAddRef
LookupPrivilegeValueA
RegRestoreKeyW
RegQueryInfoKeyA
CryptSignHashW
RegOpenKeyW
RegEnumKeyExA
CryptEncrypt
RegQueryValueExA

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b214c860a7d1d90f155873d4f9b26e33

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

advapi32

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 24KB - Virtual size: 47KB

.data Size: 88KB - Virtual size: 88KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 24KB - Virtual size: 47KB

.data
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 14KB - Virtual size: 13KB