Static task
static1
Behavioral task
behavioral1
Sample
a288a34fd3dd5d2cd7a203394971c765c4542ad0b898f2d385c5f185956bcfc0.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a288a34fd3dd5d2cd7a203394971c765c4542ad0b898f2d385c5f185956bcfc0.exe
Resource
win10v2004-20240802-en
General
Target
a288a34fd3dd5d2cd7a203394971c765c4542ad0b898f2d385c5f185956bcfc0
Size
38KB
MD5
d33ca5aeccca044752471a496a7e9c4a
SHA1
e7fd4abbcb2ce343d7d29b6da1cf1fb63b0f05b5
SHA256
a288a34fd3dd5d2cd7a203394971c765c4542ad0b898f2d385c5f185956bcfc0
SHA512
b020930dc75666059e465540a5129046da7511c7007ad9b62c83fdacf3c7cd9db91d44cc148cb19476bd72a5e56064edc40b2cc389d51c0ef19aa6c0d8736f5e
SSDEEP
384:CTFeJh8RiSXg92JlT7iSB4sTquiTb8ROJot3omlMznhkHI3yDEYQMMUIC840X/2i:TWLgcN7iDyDiUROJQ4hkKosrvz4fs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a288a34fd3dd5d2cd7a203394971c765c4542ad0b898f2d385c5f185956bcfc0
Files
a288a34fd3dd5d2cd7a203394971c765c4542ad0b898f2d385c5f185956bcfc0.exe windows:4 windows x86 arch:x86
0cfbc8b9d253f22ebb3676310b2e2152
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreatePipe
GetExitCodeProcess
ReadFile
PeekNamedPipe
WriteFile
WaitForSingleObject
TerminateThread
CreateThread
InterlockedExchange
CreateMutexA
CreateProcessW
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetSystemDefaultLCID
CloseHandle
GetComputerNameA
VirtualFree
GetVersionExA
GetStringTypeA
LCMapStringW
LCMapStringA
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
Sleep
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetLastError
DeleteFileA
GetDriveTypeA
GetTempPathA
GetLocalTime
GetTempFileNameA
GetACP
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
CreateFileA
FlushFileBuffers
GetStringTypeW
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
SetFilePointer
GetCurrentProcess
TerminateProcess
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetModuleHandleA
RtlUnwind
advapi32
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFileInfoA
ole32
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
SysFreeString
winhttp
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCloseHandle
urlmon
ObtainUserAgentString
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE