69abaad5a33a50a2da5283f8378a5900339866ee6cc8aec119b6a07643a118adN

General

Target

69abaad5a33a50a2da5283f8378a5900339866ee6cc8aec119b6a07643a118adN
Size

1.3MB
MD5

015194204e7d55a4713b6b23484d2d00
SHA1

b67bd46e2d900e7418d1f2262668e236c8523bcd
SHA256

69abaad5a33a50a2da5283f8378a5900339866ee6cc8aec119b6a07643a118ad
SHA512

a7b94d7cf91df557f910a3ae1c33f28718c062c9a78da3dd7eae9cab6763a757b50ccd4a3b8c9c59344ecf357e2bc1cc051023613f9da2b7c3487aabac5952f7
SSDEEP

24576:6Utb/mSdwlfK+U8B12IATXbrl2pK2fG4YA/QKf7CjoSO/jW1excTAljA3FYu+:XhelfR1yLrQpK2O4FQeV61exPaut

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69abaad5a33a50a2da5283f8378a5900339866ee6cc8aec119b6a07643a118adN

Files

69abaad5a33a50a2da5283f8378a5900339866ee6cc8aec119b6a07643a118adN
.exe windows:4 windows x86 arch:x86

a41f098da840b5142985370f86bfac74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfW
PathFindFileNameW
StrCmpNIA
wvnsprintfW
PathMatchSpecW
PathCombineW
StrCmpNIW
PathRemoveFileSpecW
wnsprintfA
PathFileExistsW

user32

GetDlgItemTextA
GetIconInfo
GetWindowThreadProcessId
FindWindowExA
CloseDesktop
ToUnicode
SetThreadDesktop
GetWindowLongA
GetCursorPos
GetKeyState
ExitWindowsEx
SetProcessWindowStation
GetKeyboardState
OpenDesktopA
SendMessageA
OpenWindowStationA
MsgWaitForMultipleObjects
CharLowerBuffA
GetWindowTextA
LoadCursorA

kernel32

VirtualAlloc
VirtualProtect
lstrcpyW
FindClose
GetTickCount
GetFileSize
GetFileAttributesA
lstrcpynW
GetLocalTime
MultiByteToWideChar
WaitForSingleObject
InitializeCriticalSection
ResetEvent
SetFileTime
SystemTimeToFileTime
GetTimeZoneInformation
GetFileSizeEx
SetFilePointer
lstrcmpiA
lstrcmpiW
GetVersionExW
HeapReAlloc
lstrcatW

advapi32

DuplicateTokenEx
CryptAcquireContextW
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
GetUserNameW
CryptReleaseContext
RegCloseKey
RegDeleteValueA
CryptCreateHash
CryptGetHashParam

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a41f098da840b5142985370f86bfac74

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

kernel32

advapi32

Sections

.text Size: 65KB - Virtual size: 65KB

.data Size: 512B - Virtual size: 16KB

.text
Size: 65KB - Virtual size: 65KB

.data
Size: 512B - Virtual size: 16KB