b6adb283382db8ded5054edab7a89c59e08833af7ee752494df52ece16745a81N

Sharing

Copy URL

Twitter E-mail

General

Target

b6adb283382db8ded5054edab7a89c59e08833af7ee752494df52ece16745a81N
Size

27KB
MD5

fe1857c73c9d3d19e0a7afef10662bc0
SHA1

79627b93e0bccb27d71271ded4f92c622432ace8
SHA256

b6adb283382db8ded5054edab7a89c59e08833af7ee752494df52ece16745a81
SHA512

87e695af93df2961127bd595ca7df8d6715d1f3ef3527d4de1fd63ad471092ad8ee18310500e7af49c74d46f2f9f818408d5380487ec85ed8e25219cd9302b59
SSDEEP

384:8dIZNUTdlLE0RJOHKNyiZcagT7RPzt5trmEYtP1Y/k14IxAef0EV3A6qJhUmZsBW:7U7RJOHVoclpwRP1uXEVGJhUm/lZ4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6adb283382db8ded5054edab7a89c59e08833af7ee752494df52ece16745a81N

Files

b6adb283382db8ded5054edab7a89c59e08833af7ee752494df52ece16745a81N
.exe windows:5 windows x86 arch:x86

d25c2a241b5575fe68e0ce39f4748e98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
CreateDirectoryA
CopyFileA
MoveFileA
GetFileAttributesA
VirtualFree
VirtualAlloc
GetLocalTime
SetFilePointer
CreateFileA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
lstrcmpA
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetFileAttributesA
DeleteFileA
MoveFileExA
FindNextFileA
FindClose
RemoveDirectoryA
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetCommandLineA
GetCommandLineW
GetModuleFileNameA
GetCurrentProcessId
GetWindowsDirectoryA
GetLastError
SetEnvironmentVariableA
GlobalFree

ntdll

qsort
strstr
NtQuerySystemInformation
vsprintf
memmove
strrchr
RtlUnicodeStringToAnsiString
wcscmp
RtlFreeAnsiString
_strcmpi

setupapi

SetupGetLineTextA
SetupOpenInfFileA
SetupCloseInfFile

shell32

CommandLineToArgvW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
__set_app_type
_except_handler3
_controlfp
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
realloc
free
__p__fmode

advapi32

DeregisterEventSource
RegisterEventSourceA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
SetFileSecurityA
SetFileSecurityW
SetSecurityDescriptorDacl
GetAclInformation
AddAce
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CopySid
GetLengthSid
ReportEventA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

XOR
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d25c2a241b5575fe68e0ce39f4748e98

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

setupapi

shell32

version

msvcrt

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

XOR Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

XOR
Size: 2KB - Virtual size: 2KB