ntsd.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2243b4409683b0ab40415b9d9c7b8e1702116fb224b91fc0249934b9479ca82b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2243b4409683b0ab40415b9d9c7b8e1702116fb224b91fc0249934b9479ca82b.exe
Resource
win10v2004-20240802-en
General
-
Target
2243b4409683b0ab40415b9d9c7b8e1702116fb224b91fc0249934b9479ca82b
-
Size
33KB
-
MD5
0e3bc805812db0c650a107c269ad0e60
-
SHA1
feef3b49d94e46c410c40248183b7ea161a967a6
-
SHA256
2243b4409683b0ab40415b9d9c7b8e1702116fb224b91fc0249934b9479ca82b
-
SHA512
1ee30d38e210358c5d1be8344f81017851db033edeb1619e5831b90dfddb31e93a8902baea4cba598f92fb4f85cb194e904bb84751128544c21d65719b7596b0
-
SSDEEP
768:a1Km0FKdvpjTJiHOyXcdCubTWMYInsqdzFpoGsQbSdWCYZ4F:a4mbvRTJiHjcd5bT1jTzFpHb+YmF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
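Flags that the PE file has no Authenticode signature, so its publisher and integrity cannot be verified from the file alone. This is a weak indicator on its own, since many benign binaries are also unsigned.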
resource 2243b4409683b0ab40415b9d9c7b8e1702116fb224b91fc0249934b9479ca82b
Files
-
2243b4409683b0ab40415b9d9c7b8e1702116fb224b91fc0249934b9479ca82b.exe windows:5 windows x86 arch:x86
99f0922107666544b27935aad2ad1f42
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
exit
_cexit
_XcptFilter
__initenv
_c_exit
_stricmp
atoi
__getmainargs
_exit
_initterm
__setusermatherr
strrchr
sscanf
_strnicmp
strtoul
rewind
calloc
fgetc
tolower
_strcmpi
getenv
printf
isspace
fopen
_snprintf
strncpy
_iob
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fgets
fclose
sprintf
_spawnlp
_vsnprintf
kernel32
FormatMessageA
LocalAlloc
FreeLibrary
InterlockedExchange
GetModuleFileNameA
CreateEventA
GetModuleHandleA
SetPriorityClass
GetCurrentThread
GetCommandLineA
GetEnvironmentVariableA
SetConsoleCtrlHandler
GetCurrentProcess
DuplicateHandle
GetStdHandle
GetPriorityClass
CreateProcessA
SetStdHandle
SetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
RaiseException
CreateNamedPipeA
CreateFileA
GetLastError
AllocConsole
OutputDebugStringA
WriteFile
ExitProcess
InterlockedDecrement
ReadFile
GetCurrentProcessId
SetEvent
Sleep
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
WaitForSingleObject
CloseHandle
SetThreadPriority
CreateThread
dbgeng
DebugCreate
DebugConnect
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XOR Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE