c96433b87463ea96d3096244ef64ccdb6ad04a894d69beb108c40dda0baec742N

Sharing

Copy URL Twitter E-mail

General

Target

c96433b87463ea96d3096244ef64ccdb6ad04a894d69beb108c40dda0baec742N
Size

5.4MB
MD5

fd2ffc05f7b47843bb69db79ab93ea20
SHA1

a1ccd09f01735dcf32fbd2e5b68e2be605f6a829
SHA256

c96433b87463ea96d3096244ef64ccdb6ad04a894d69beb108c40dda0baec742
SHA512

693771c14668b8ea6cb80f23746df38ba7b2351fea5df20779a585a149e8106b940e4a99d7fea8b67f90657c08eaa2b986c31caaf12de73ba62f3104378e3f91
SSDEEP

24576:JdfIJUJ8VgE7C0hYz7T4/xbFk56yjRKB+P9fc05W9SPRcx6yY5c6ZaJk+kaoYHjC:tBaC0S8pJKNJtYxx6E2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c96433b87463ea96d3096244ef64ccdb6ad04a894d69beb108c40dda0baec742N

Files

c96433b87463ea96d3096244ef64ccdb6ad04a894d69beb108c40dda0baec742N
.exe windows:5 windows x86 arch:x86

cab671025afc0a23bf12376e774d216b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
FindResourceW
FileTimeToLocalFileTime
GetLocaleInfoW
CloseHandle
ReadFile
GetLastError
VirtualAlloc
LocalAlloc
CreateDirectoryW
GlobalFree
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
GetProcAddress
CreateSemaphoreW
CreateThread
ExitThread
LoadLibraryExW
HeapFree
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
HeapAlloc
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LoadLibraryW
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW

advapi32

RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenSCManagerW

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.irvt
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cab671025afc0a23bf12376e774d216b

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 214KB - Virtual size: 214KB

.data Size: 42KB - Virtual size: 7.0MB

.idata Size: 3KB - Virtual size: 3KB

.xdata Size: 8KB - Virtual size: 7KB

.irvt Size: 4.5MB - Virtual size: 4.5MB

.rsrc Size: 725KB - Virtual size: 724KB

.text
Size: 214KB - Virtual size: 214KB

.data
Size: 42KB - Virtual size: 7.0MB

.idata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 8KB - Virtual size: 7KB

.irvt
Size: 4.5MB - Virtual size: 4.5MB

.rsrc
Size: 725KB - Virtual size: 724KB