d13d9427fb7ef24f89a91918c4bf5f10N

General

Target

d13d9427fb7ef24f89a91918c4bf5f10N
Size

152KB
MD5

d13d9427fb7ef24f89a91918c4bf5f10
SHA1

179a59af4b1bf9eb4a010d7051e7f727cdc2fb00
SHA256

84149a67774ada0b9c15a37f91db6bbf2495ba94e1e67e004a78144b49bbe42c
SHA512

870ad8088aa567be7fd2c77a83dcf9941054a7b230c02d474db199a48012a9c488bd552f0cce18240e15e697f3b4f5d6440e1f6eba6ec8cd5ca742704192cd47
SSDEEP

3072:dKEY9aFK1xqI856VZa1LWoNc/+//S8oclGQBn:4cFK1xqt5d9c2//Fo5Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d13d9427fb7ef24f89a91918c4bf5f10N

Files

d13d9427fb7ef24f89a91918c4bf5f10N
.exe windows:4 windows x86 arch:x86

c61846664f790c84e95a6903ec05ef49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sagaryf\Akyfid\Wugu.pdb

Imports

kernel32

GetCurrentProcessId
GetFileTime
GetTimeFormatW
SetSystemPowerState
GetCommandLineW
GetLocalTime
CreateFileW
SetTapePosition
lstrcmpiW
GetACP
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoW
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetOEMCP

user32

GetMessagePos
UpdateWindow
GetClassNameW
GetDC
GetAsyncKeyState
EnumChildWindows
ShowWindow
GetWindowTextW
FindWindowW

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c61846664f790c84e95a6903ec05ef49

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 4KB - Virtual size: 601KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 4KB - Virtual size: 601KB

.rsrc
Size: 28KB - Virtual size: 26KB