8a975d061363b62eafa0b2df7abba0e489a0bc63a41c692228b88b7f06039edb

Sharing

Copy URL

Twitter E-mail

General

Target

8a975d061363b62eafa0b2df7abba0e489a0bc63a41c692228b88b7f06039edb
Size

1.6MB
MD5

3dcbac2c1d221192689cb4ab5ba625aa
SHA1

f264afd4ac1195240e749a39856d46858c1322a0
SHA256

8a975d061363b62eafa0b2df7abba0e489a0bc63a41c692228b88b7f06039edb
SHA512

2e00d965cc5d50a6af93ff4c95fceb5d5c5e65e8a8b5f815eda6f8223e370854425c55f7fabb4d6c051fad58796c6f5953082de57ba7fa87ef74cd9d198a326d
SSDEEP

24576:RWXKCNjkPjpJYdDtKPxoVz6Cg0sZxA61l/8:jY3KJGWCwvH/8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a975d061363b62eafa0b2df7abba0e489a0bc63a41c692228b88b7f06039edb

Files

8a975d061363b62eafa0b2df7abba0e489a0bc63a41c692228b88b7f06039edb
.exe windows x86

00fdfd8157328443a6f0299bb8eac498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetLocalTime
SetEndOfFile
GetUserDefaultLangID
WaitForSingleObject
CreateThread
IsBadReadPtr
GetCurrentProcessId
SetUnhandledExceptionFilter
ReadFile
GetCommandLineW
LocalFree
SetEvent
InterlockedDecrement
FreeLibrary
GetSystemDefaultLangID
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
GetThreadLocale
FindClose
GlobalHandle
GlobalFree
SetFilePointer
CloseHandle
WriteFile
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
SizeofResource
MulDiv
GetProcessHeap
HeapFree
SetLastError
lstrlenA
LoadResource
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoA
LocalAlloc
GetACP
InterlockedIncrement
HeapSize
GetOEMCP
SetStdHandle
GetStringTypeA
IsBadCodePtr
LCMapStringA
InterlockedExchange
HeapReAlloc
OutputDebugStringA
DebugBreak
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
TerminateProcess
HeapValidate
IsBadWritePtr
RtlUnwind
ExitProcess
GetVersionExA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

gdi32

SetMapMode
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
SetTextColor
CreateSolidBrush
DeleteObject
SetBkMode
CreatePen
SelectObject
MoveToEx
LineTo

comctl32

InitCommonControlsEx

xmlparse

XML_Parse
XML_ParserFree
XML_ParserCreate
XML_SetElementHandler
XML_SetUserData

gdiplus

GdipDisposeImage
GdipCloneImage
GdipGetImageDimension
GdiplusShutdown
GdiplusStartup
GdipSetSolidFillColor
GdipCreateLineBrushFromRectI
GdipSetPenColor
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawPolygonI
GdipFillPolygonI
GdipGetCellAscent
GdipGetLineSpacing
GdipGetFontHeight
GdipLoadImageFromFileICM
GdipDrawImageRectRectI
GdipMeasureString
GdipDrawRectangleI
GdipSetTextRenderingHint
GdipDeletePen
GdipCreatePen1
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteFont
GdipCreateFont
GdipIsStyleAvailable
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipCloneBrush
GdipCreateSolidFill
GdipLoadImageFromFile
GdipDeleteBrush

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HPCUE
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00fdfd8157328443a6f0299bb8eac498

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

comctl32

xmlparse

gdiplus

Sections

.text Size: 256KB - Virtual size: 253KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 11KB

.HPCUE Size: 4KB - Virtual size: 4B

.rsrc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 256KB - Virtual size: 253KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 11KB

.HPCUE
Size: 4KB - Virtual size: 4B

.rsrc
Size: 1.2MB - Virtual size: 1.9MB