c9d85a3996604fc869481f46c6e5c28e249aedf16ffce1c0ed766cae96aadbceN

Sharing

Copy URL Twitter E-mail

General

Target

c9d85a3996604fc869481f46c6e5c28e249aedf16ffce1c0ed766cae96aadbceN
Size

490KB
MD5

d9ca866c8e0b8441171ad25d11e02d80
SHA1

0ddf8e46975605de05cb467babeb7f2b235a9a11
SHA256

c9d85a3996604fc869481f46c6e5c28e249aedf16ffce1c0ed766cae96aadbce
SHA512

33165f227937b5602883943f9d1616024dd0785636ac46643ad7f0cd60339762a8d3d7dd1064b75af33acffcab16a01dd96336d4ca4a9d4cfb30e4a77a3b1f89
SSDEEP

12288:+SNICb97nt35q4g1+8T0iVy6GWjlohIreBY:+zCx7tAB1Xw2GWjlT4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9d85a3996604fc869481f46c6e5c28e249aedf16ffce1c0ed766cae96aadbceN

Files

c9d85a3996604fc869481f46c6e5c28e249aedf16ffce1c0ed766cae96aadbceN
.exe windows:4 windows x86 arch:x86

8cee0ebc1bde2c17986c6bfc80813758

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CreateEventA
CopyFileA
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
lstrcmpiW
SetEvent
GetCommandLineW
GetCurrentProcess
GetStringTypeA
LCMapStringW
WaitForSingleObject
VirtualAlloc
LoadLibraryExA
Sleep
FindResourceA
SizeofResource
LoadResource
LockResource
GlobalAlloc
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
DeviceIoControl
CloseHandle
GetLastError
GetLocalTime
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeW

user32

wsprintfA

advapi32

RegSetValueExA
RegCreateKeyExA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
RegCloseKey
SetServiceStatus

shell32

CommandLineToArgvW

Sections

.text
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cee0ebc1bde2c17986c6bfc80813758

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 19KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 13KB - Virtual size: 16KB

.vmp0 Size: 3KB - Virtual size: 4KB

.rsrc Size: 450KB - Virtual size: 449KB

.text
Size: 19KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 13KB - Virtual size: 16KB

.vmp0
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 450KB - Virtual size: 449KB