473385140c63cdfab93a6e0e27752d1ac4837d4807e03a515b919b1f886c113c

Sharing

Copy URL Twitter E-mail

General

Target

473385140c63cdfab93a6e0e27752d1ac4837d4807e03a515b919b1f886c113c
Size

113KB
MD5

759b6750f9709914d33f0b50b031e0bb
SHA1

481b2bac5eeb65bbc7dafca0a5742295e7bcb3e0
SHA256

473385140c63cdfab93a6e0e27752d1ac4837d4807e03a515b919b1f886c113c
SHA512

3c71c4e5ae10cc7b855cf194592cf3bbe08455a0e2991098f77fded025a506f79ac5ca262daa1493b0581385e5fdf2c5fd9103e09507b9b217be0e4b058664f2
SSDEEP

3072:8AtTGdvW+IA93XhdT1Xd1uMEUJ1Guo5V2L+vzjvw:8PdvW+5RZd7i5Jvzjvw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
473385140c63cdfab93a6e0e27752d1ac4837d4807e03a515b919b1f886c113c

Files

473385140c63cdfab93a6e0e27752d1ac4837d4807e03a515b919b1f886c113c
.exe windows:4 windows x64 arch:x64

860623c675e564ec83c1c9672e04deb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\admin\documents\visual studio 2005\projects\1233333\x64\release\1233333.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryW
GetProcAddress
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
GetLastError
RaiseException
RtlPcToFileHeader
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
HeapReAlloc

shell32

ShellExecuteA

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

860623c675e564ec83c1c9672e04deb9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 176B