35a64e204f70f9cf885232e505a456c0b4fe04d8c4f626ce57908280663bf4da

Sharing

Copy URL

Twitter E-mail

General

Target

35a64e204f70f9cf885232e505a456c0b4fe04d8c4f626ce57908280663bf4da
Size

199KB
MD5

9151df37c7e5cc1e0a682073e845bce3
SHA1

c3b9797cf2ecdea4eb4a547fac3dc14498df9eb5
SHA256

35a64e204f70f9cf885232e505a456c0b4fe04d8c4f626ce57908280663bf4da
SHA512

bc955664e15a02e38c2362fbeba80f274a4314b2f9b0091ad48c46485c2f9daa334f541cae76bd83fe3dd53a0fe0a860658f4d95f40c86b34fae9bacc6b25843
SSDEEP

1536:O7Zwdrbn30y5xDgBU3dH97mC0UGPapnHb36oeOl2pXHiYl1GKrm5XzAUp2PvXVha:n5RAC2PCnHjMOcplGKrm5XzcfWz2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35a64e204f70f9cf885232e505a456c0b4fe04d8c4f626ce57908280663bf4da

Files

35a64e204f70f9cf885232e505a456c0b4fe04d8c4f626ce57908280663bf4da
.exe windows:5 windows x86 arch:x86

a25409c825daace358ff58c6934806fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugActiveProcess
SetVolumeLabelA
GetNumaProcessorNode
MoveFileExA
GetConsoleAliasExesLengthA
CallNamedPipeA
InterlockedDecrement
GetLogicalDriveStringsW
GlobalSize
SetDefaultCommConfigW
GlobalLock
GetModuleHandleW
GetTickCount
FormatMessageA
GlobalAlloc
GetConsoleMode
GetLocaleInfoW
GetSystemWow64DirectoryW
GetProcessHandleCount
HeapCreate
GetTimeFormatW
GetConsoleAliasW
SetConsoleCursorPosition
GetFileAttributesW
GetModuleFileNameW
GetACP
GetStartupInfoW
GetStringTypeExA
GetStdHandle
ReadConsoleOutputCharacterA
GetProcAddress
MoveFileW
VirtualAllocEx
LoadLibraryA
InterlockedExchangeAdd
OpenWaitableTimerW
SetCommMask
FindAtomA
SetNamedPipeHandleState
OpenFileMappingW
FreeEnvironmentStringsW
BuildCommDCBA
PurgeComm
GetVersionExA
LocalFileTimeToFileTime
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
HeapAlloc
GetLastError
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
FlushFileBuffers
SetStdHandle
CreateFileA

ole32

CoTaskMemAlloc

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 39.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a25409c825daace358ff58c6934806fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 18KB - Virtual size: 39.0MB

.rsrc Size: 63KB - Virtual size: 63KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 18KB - Virtual size: 39.0MB

.rsrc
Size: 63KB - Virtual size: 63KB