b873cc626acb82fd6f7f68cd1948e28956321fded36e2c2a16bbd975b7d53e3c

Sharing

Copy URL

Twitter E-mail

General

Target

b873cc626acb82fd6f7f68cd1948e28956321fded36e2c2a16bbd975b7d53e3c
Size

134KB
MD5

0fbc229582231e8e8f59fb3dba5d4780
SHA1

d061b026c16ae11137471acffce47a4da0b886ad
SHA256

b873cc626acb82fd6f7f68cd1948e28956321fded36e2c2a16bbd975b7d53e3c
SHA512

d833adde5b04e65cf1a43bcc96aab579fd320f2eadec0d8500ab2f0dd02894c2920674abd9c317774a0e7a16a6a704f22ef24b053fd466f7b8517df5ce24bfb2
SSDEEP

3072:g1dFtiiMKt8JkPh+a9G7dqjy+XjBXUrqN7vHWY+o/ls8XbM:gVtiikkPhby+N2Yn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b873cc626acb82fd6f7f68cd1948e28956321fded36e2c2a16bbd975b7d53e3c

Files

b873cc626acb82fd6f7f68cd1948e28956321fded36e2c2a16bbd975b7d53e3c
.exe windows:6 windows x86 arch:x86

f4e5f66e4fdde30b4a539a47b6eb5cb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Data\Projects\OLReg9.5\OLRStateCheck\Release\OLRStateCheck.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LocalFree
FormatMessageW
GetPrivateProfileStringW
VerSetConditionMask
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileStructW
WritePrivateProfileStructW
VerifyVersionInfoW
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
OutputDebugStringW
FlushFileBuffers
CreateFileW
GetPrivateProfileIntW
GetCurrentThreadId
GetConsoleMode
GetConsoleCP
HeapReAlloc
LCMapStringW
GetCommandLineW
EncodePointer
DecodePointer
RaiseException
RtlUnwind
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsProcessorFeaturePresent
HeapAlloc
HeapFree
HeapSize
Sleep
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
WideCharToMultiByte

user32

PeekMessageW
DispatchMessageW
TranslateMessage

advapi32

GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW

shlwapi

PathFileExistsW
PathRemoveBackslashW
PathRemoveFileSpecW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4e5f66e4fdde30b4a539a47b6eb5cb6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 9KB - Virtual size: 8KB