6a1f06a91089509e1045849b2eba55b9b45730360564c79f0aaf39d3568d0317N

General

Target

6a1f06a91089509e1045849b2eba55b9b45730360564c79f0aaf39d3568d0317N
Size

132KB
MD5

2b4e03fd4aa0d635929ec5fed3adfff0
SHA1

aacd4754f9ced3995c14ad54cc63c6b9c4c528ea
SHA256

6a1f06a91089509e1045849b2eba55b9b45730360564c79f0aaf39d3568d0317
SHA512

414d455b30f7ea36c5eb68ee95f4522fd62abd5b1e6ddf458cebf2d151760e9990427f29f2dfc0ee84da50c9bcce6c93056f3703b9338d5586b673ac6e8eb30e
SSDEEP

3072:0SnTPlb+NJKBC5CH+xF7vCww95YeoLoSqtIzp:1Tt+WBC564ubYe5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a1f06a91089509e1045849b2eba55b9b45730360564c79f0aaf39d3568d0317N

Files

6a1f06a91089509e1045849b2eba55b9b45730360564c79f0aaf39d3568d0317N
.exe windows:4 windows x86 arch:x86

72d16d785da065a0b83f237563501c22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\VmFilter\Setup\SetupFilter\Release\SetupFilter.pdb

Imports

kernel32

GetLastError
lstrlenA
GetVersionExA
LocalFree
InterlockedExchange
LoadLibraryA
IsBadCodePtr
FormatMessageA
LoadLibraryExA
FreeLibrary
IsBadReadPtr
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
ExitProcess
RaiseException
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
HeapSize

user32

SetCursor
MessageBoxA
LoadCursorA

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72d16d785da065a0b83f237563501c22

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

setupapi

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB