1c5733202f848b749cdbe5f51b642398c0d6a403c51a5f289b6f08dee2e9ada0N

General

Target

1c5733202f848b749cdbe5f51b642398c0d6a403c51a5f289b6f08dee2e9ada0N
Size

288KB
MD5

b3931fa8b940212efc39e9075f1f8540
SHA1

07e76d0298e8de9b8b4a523882e9233e74111e58
SHA256

1c5733202f848b749cdbe5f51b642398c0d6a403c51a5f289b6f08dee2e9ada0
SHA512

5b3708cac3e2093f3e261a3b33855ba5d0205e149384729fd87f3437c0b7395065c3ab7673112c2eb2cbc643468d4d223015eacb05dd7777b6d6c1bf412c81e5
SSDEEP

6144:FaE4iMB3k7H25hyxLYve1sYp0s7BA/0D9C:FaERjyhaLYmB0s7KA8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5733202f848b749cdbe5f51b642398c0d6a403c51a5f289b6f08dee2e9ada0N

Files

1c5733202f848b749cdbe5f51b642398c0d6a403c51a5f289b6f08dee2e9ada0N
.exe windows:6 windows x86 arch:x86

acff8c83a9241f523622d384eff75a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapReAlloc
HeapAlloc
WriteConsoleW
GetProcessHeap
CloseHandle
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
SetFilePointerEx
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

user32

MessageBoxW

ntdll

NtWriteVirtualMemory
NtSetContextThread
NtReadVirtualMemory
NtDelayExecution
NtAllocateVirtualMemory
NtFlushInstructionCache
NtGetContextThread
NtFreeVirtualMemory
NtResumeThread
RtlInitUnicodeString

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acff8c83a9241f523622d384eff75a93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 216KB - Virtual size: 216KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 216KB - Virtual size: 216KB