0241fed9dcf8aaad1825382591718a59f8a33255c7db87524fd5f4eb653626e0N

Sharing

Copy URL Twitter E-mail

General

Target

0241fed9dcf8aaad1825382591718a59f8a33255c7db87524fd5f4eb653626e0N
Size

596KB
MD5

99d91a5ca408888ad0139ba017c263b0
SHA1

ee00c4cbb144833ea37557e09dab4d036cf491e3
SHA256

0241fed9dcf8aaad1825382591718a59f8a33255c7db87524fd5f4eb653626e0
SHA512

8910a22fe0a3a660e22fb8c8220abe6df6356eea3c342614dddb658bef7bc5c200fe605abdbde0ba50a61fa0e5fef9aae9f2bd083dff0bcfd4a204ed043bc164
SSDEEP

12288:zoRHn4Hb3Fttfn3uv8rN/epedENAXMuk5jVRCOqtmdWK:z2HnK1XrJepedEC45Bwfmc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0241fed9dcf8aaad1825382591718a59f8a33255c7db87524fd5f4eb653626e0N

Files

0241fed9dcf8aaad1825382591718a59f8a33255c7db87524fd5f4eb653626e0N
.exe windows:5 windows x64 arch:x64

b1a835062f01143680b8ec160e4c6fb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleFileNameA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
CopyFileA
GetLastError
lstrlenA
LoadLibraryA
CreateDirectoryA
WinExec
GetModuleHandleA
GetProcAddress
Sleep
CreateFileA
WriteFile
lstrcatA
CloseHandle
CreateFileW
HeapSize
GetProcessHeap
SetEndOfFile
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCommandLineA
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
DecodePointer
HeapFree
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleHandleW
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetExitCodeProcess
WaitForSingleObject
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
ReadFile
HeapAlloc
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
SetFilePointer

user32

wsprintfA

advapi32

OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
StartServiceCtrlDispatcherA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 496KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1a835062f01143680b8ec160e4c6fb9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 496KB - Virtual size: 508KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 496KB - Virtual size: 508KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB