7bfac997c1ae607d6cf892a433591d58efa01b202fcc24c8b91f2b0e61cbf134N

Sharing

Copy URL

Twitter E-mail

General

Target

7bfac997c1ae607d6cf892a433591d58efa01b202fcc24c8b91f2b0e61cbf134N
Size

144KB
MD5

3336a6cbe4e90a39f9ef161510de6170
SHA1

3acce503a9bc5d207fe530ffada6f9fb4cc10574
SHA256

7bfac997c1ae607d6cf892a433591d58efa01b202fcc24c8b91f2b0e61cbf134
SHA512

07f6a1cf4f74c3f2d5443a7235404797edad7495f0b54284a6caabc251c77fc8eb4455345b4592912a04ac03e50c4f91deb4d53d0bd70613153228f8e51901c3
SSDEEP

3072:SqPMk+fuxeuGiwZm11l6wuleTYu2ySJ/3yGAQ:Spk6uI9iwZkX6wseTXvS9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bfac997c1ae607d6cf892a433591d58efa01b202fcc24c8b91f2b0e61cbf134N

Files

7bfac997c1ae607d6cf892a433591d58efa01b202fcc24c8b91f2b0e61cbf134N
.dll windows:4 windows x86 arch:x86

b08e54f11546f7604d022fa021e6ff3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

emptyres.pdb

Imports

kernel32

GetTimeZoneInformation
SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
CompareStringW
CompareStringA
InterlockedExchange
HeapSize
RtlUnwind
InitializeCriticalSection
SetFilePointer
VirtualQuery
GetSystemInfo
VirtualProtect
VirtualAlloc
SetStdHandle
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCPInfo
GetOEMCP
GetACP
UnhandledExceptionFilter
SetEnvironmentVariableW
SetEnvironmentVariableA
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
FileTimeToSystemTime
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
WideCharToMultiByte
DeleteCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
GetVersionExA
CreateThread
GetCurrentThreadId
ExitThread
GetFileAttributesA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
GetModuleHandleA
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
GetExitCodeThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
IsSystemResumeAutomatic
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameA
ReadFile
GetCurrentDirectoryA

advapi32

RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

FindMemoryTest

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

adata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b08e54f11546f7604d022fa021e6ff3f

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 28KB

adata Size: 64KB - Virtual size: 63KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 4KB - Virtual size: 590B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 28KB

adata
Size: 64KB - Virtual size: 63KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 4KB - Virtual size: 590B