b9bf9c16208b7129ecbc591385e86bfdec85029692dcc64363668e82b9090b03[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b9bf9c16208b7129ecbc591385e86bfdec85029692dcc64363668e82b9090b03.exe
Size

257KB
MD5

fef8b7c4ab3ef6d676537122c5442424
SHA1

233cefb80a7d5f33dead43b364b2c250ea0aeba1
SHA256

b9bf9c16208b7129ecbc591385e86bfdec85029692dcc64363668e82b9090b03
SHA512

71444b4da847c7e5ebe53102dd0dc918064f56b55d696a649caea0219b2fe57b143cf34460b7cafb59012ab89be0fc4199be8c56b6aae1a68768134c7a696ed9
SSDEEP

6144:sZTlnN3HxAhazaSK4QM5HTPmOFGOGt/HqixmyYVgGo5nO:mUM5LFfG5dflO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9bf9c16208b7129ecbc591385e86bfdec85029692dcc64363668e82b9090b03.exe

Files

b9bf9c16208b7129ecbc591385e86bfdec85029692dcc64363668e82b9090b03.exe
.exe windows:4 windows x86 arch:x86

050afd4377373813224987acb5135daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCloseInfFile
SetupCopyOEMInfW
SetupDiGetINFClassW
SetupGetInfFileListW
SetupOpenInfFileW
SetupUninstallOEMInfW
SetupGetLineTextW

ole32

CoUninitialize
StringFromGUID2
CoTaskMemFree
CoInitialize
CoInitializeEx
CoCreateInstance

user32

DispatchMessageW
GetMessageW
IsWindowUnicode
GetMessageA
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageA
TranslateMessage

kernel32

VirtualAlloc
DeleteCriticalSection
VerSetConditionMask
CreateEventW
FlushFileBuffers
TlsGetValue
WriteConsoleA
CloseHandle
SetHandleCount
GetCurrentThreadId
ExitThread
OutputDebugStringW
GetConsoleCP
GetCommandLineW
GetSystemInfo
FreeLibrary
GetModuleHandleW
GetConsoleMode
LCMapStringA
SetUnhandledExceptionFilter
LCMapStringW
GetModuleHandleA
HeapDestroy
GetSystemDirectoryW
SizeofResource
ReadFile
DeleteFileW
VerifyVersionInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
LoadResource
TerminateThread
LocalFree
RtlUnwind
UnhandledExceptionFilter
OpenProcess
GetConsoleOutputCP
FindResourceW
GetFileSize
EnterCriticalSection
WaitForMultipleObjects
lstrlenW
SetLastError
HeapFree
SetFilePointer
GetStdHandle
WriteFile
IsDebuggerPresent
HeapSize
LeaveCriticalSection
CreateThread
HeapReAlloc
WaitForSingleObject
GetSystemTimeAsFileTime
GetLocalTime
WriteConsoleW
GetACP
LoadLibraryExW
VirtualFree
GetOEMCP
GetProcessHeap
TlsSetValue
TlsAlloc
ResetEvent
FreeEnvironmentStringsW
CreateFileW
LockResource
IsValidCodePage
SetStdHandle
HeapAlloc
TlsFree
WideCharToMultiByte
ResumeThread
CreateFileA
RaiseException
SetFileAttributesW
FindResourceExW
GetFullPathNameA
VirtualAllocEx
LocalAlloc

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW

advapi32

RegEnumValueW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
TraceMessage
RegDeleteValueW

shlwapi

SHCopyKeyW
PathIsUNCServerW
PathStripPathW
SHDeleteKeyW
PathFileExistsW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW

dbghelp

MakeSureDirectoryPathExists
SymEnumerateSymbolsW
SymLoadModuleEx
ImageRvaToVa
SymGetSymNext
SymLoadModule64
SymGetTypeFromName
SymGetLineNext64
UnDecorateSymbolName
SymSetContext
SymGetModuleInfo
SymGetSymFromAddr64
EnumerateLoadedModules
SymGetSymPrev64

printui

PrinterPropPageProvider
DocumentPropertiesWrap
vDocumentDefaults

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RSrv
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MoDk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IiUjAp
Size: 1024B - Virtual size: 929B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OaRtLe
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FGIB
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JGVDv
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FiyYSmH
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

050afd4377373813224987acb5135daa

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ole32

user32

kernel32

shell32

advapi32

shlwapi

dbghelp

printui

Sections

.text Size: 97KB - Virtual size: 97KB

.RSrv Size: 2KB - Virtual size: 1KB

.MoDk Size: 4KB - Virtual size: 4KB

.IiUjAp Size: 1024B - Virtual size: 929B

.data Size: 6KB - Virtual size: 173KB

.rdata Size: 129KB - Virtual size: 128KB

.OaRtLe Size: 1KB - Virtual size: 1KB

.FGIB Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.JGVDv Size: 5KB - Virtual size: 4KB

.FiyYSmH Size: 3KB - Virtual size: 2KB

.text
Size: 97KB - Virtual size: 97KB

.RSrv
Size: 2KB - Virtual size: 1KB

.MoDk
Size: 4KB - Virtual size: 4KB

.IiUjAp
Size: 1024B - Virtual size: 929B

.data
Size: 6KB - Virtual size: 173KB

.rdata
Size: 129KB - Virtual size: 128KB

.OaRtLe
Size: 1KB - Virtual size: 1KB

.FGIB
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.JGVDv
Size: 5KB - Virtual size: 4KB

.FiyYSmH
Size: 3KB - Virtual size: 2KB