180bb4096818344fa9874bcb252b8a87900a0f9861d75a71859a7d8b629b2237N

Sharing

Copy URL

Twitter E-mail

General

Target

180bb4096818344fa9874bcb252b8a87900a0f9861d75a71859a7d8b629b2237N
Size

50KB
MD5

0d20f67c4790219816869e7f0b037fb0
SHA1

b8d9bc207d15e01a94f1d9229adeb78abee539b6
SHA256

180bb4096818344fa9874bcb252b8a87900a0f9861d75a71859a7d8b629b2237
SHA512

cb2feb26685113056f9af735f0ddcc62c52c8041ed934e828d9e879b18b77733a2dfd5a6011a365d0cb4a7ccfcc036ed7a80ae9a968eb1539f07fc4e54ef0c53
SSDEEP

768:uwsbi4i9QebPsnUrukDDd828fRRTnqQGPL4vzZq2o9W7GsxBbPr:uwsbi4i9QKPQUrdPR+RTnJGCq2iW7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
180bb4096818344fa9874bcb252b8a87900a0f9861d75a71859a7d8b629b2237N

Files

180bb4096818344fa9874bcb252b8a87900a0f9861d75a71859a7d8b629b2237N
.exe windows:5 windows x86 arch:x86

d09a14e1fb5c5aa5a973010186c50390

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??2@YAPAXI@Z
_time64
toupper
system
atoi
strchr
__iob_func
malloc
calloc
free
strncmp
_flushall
_gmtime64
vprintf
_wfreopen
_vsnprintf
memcpy
memset

rpcrt4

RpcStringFreeA
RpcServerUseProtseqEpA
RpcMgmtStopServerListening
RpcServerListen
RpcServerRegisterIfEx
NdrServerCall2
RpcBindingServerFromClient
RpcStringFreeW
RpcBindingFree
RpcBindingToStringBindingW
RpcStringBindingParseW
UuidToStringA

kernel32

GetSystemTime
CompareStringA
GetLocalTime
GetLastError
MultiByteToWideChar
CompareStringW
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineW
GetSystemTimeAsFileTime
SetConsoleCP
GetConsoleCP
WideCharToMultiByte

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CryptSetHashParam
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptAcquireContextW
CryptGetHashParam

shell32

CommandLineToArgvW

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�s1�u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d09a14e1fb5c5aa5a973010186c50390

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

kernel32

advapi32

shell32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

�s1�u Size: 16KB - Virtual size: 20KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

�s1�u
Size: 16KB - Virtual size: 20KB