d86b7dab6a078217ab44da8668e35f8547f75b373c723c3725fa4140eb4f7a61N

General

Target

d86b7dab6a078217ab44da8668e35f8547f75b373c723c3725fa4140eb4f7a61N
Size

188KB
MD5

0124b866ab0ba23237368664cd75ac00
SHA1

8681607a55487867bfd39077d4b749c3647f19ea
SHA256

d86b7dab6a078217ab44da8668e35f8547f75b373c723c3725fa4140eb4f7a61
SHA512

b604c6ed717598bfc9a9f8a38e062da773b9be754e4487f896b604732ff9966e610a82608b0c9462f4f7bca393c88ffeb25ca1dbaa15751be9670fcd0371476d
SSDEEP

3072:BCVAmUP3Sy1ayuJO5cOKtJfoG/v4kh719ppSPrY0hAxR0apvVndrkIQIPIql:BynUPIOR+FPR1dAXheRRpvd2PIPZl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d86b7dab6a078217ab44da8668e35f8547f75b373c723c3725fa4140eb4f7a61N

Files

d86b7dab6a078217ab44da8668e35f8547f75b373c723c3725fa4140eb4f7a61N
.exe windows:1 windows x86 arch:x86

9d8f494813a3cc2f73d76d190de1e1bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptBinaryToStringW

user32

GetParent

shlwapi

PathAddExtensionW

kernel32

FindClose
FindFirstFileW
FindNextFileW
GetLastError
GetModuleHandleW
GetProcAddress
GetTickCount
LoadLibraryA
LocalFree
VirtualProtect
lstrcatA
lstrlenW
LocalAlloc

ws2_32

WSACloseEvent
WSACreateEvent
WSACreateEvent

advapi32

RegQueryValueExW

ntdll

DbgPrint
NtCreateFile
NtOpenKey
NtQueryInformationFile
NtQuerySystemInformation
NtQueryValueKey
NtQueryVirtualMemory
NtSetInformationFile
NtWriteFile
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings_U
RtlFreeHeap
RtlFreeUnicodeString
RtlInitAnsiString
RtlInitUnicodeString
RtlSizeHeap
RtlUpcaseUnicodeString
sprintf
swprintf
NtOpenProcessToken

Sections

AUTO
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d8f494813a3cc2f73d76d190de1e1bc

Headers

File Characteristics

Imports

crypt32

user32

shlwapi

kernel32

ws2_32

advapi32

ntdll

Sections

AUTO Size: 10KB - Virtual size: 9KB

DGROUP Size: 134KB - Virtual size: 134KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size:

.rsrc Size: 3KB - Virtual size:

AUTO
Size: 10KB - Virtual size: 9KB

DGROUP
Size: 134KB - Virtual size: 134KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size:

.rsrc
Size: 3KB - Virtual size: