7104f635a41839bac7835703f06f744e

Sharing

Copy URL

Twitter E-mail

General

Target

7104f635a41839bac7835703f06f744e
Size

95KB
MD5

7104f635a41839bac7835703f06f744e
SHA1

2ca12e1bf681180799a2f277c13218418bb9f1bb
SHA256

88502f27ab03c34af7ceda2bb6fecda42ae227e74e8a5e52346db749e200d134
SHA512

9d61715d705363073b8b6e645c462095e7bd039aa67013f7907162d7f47cc151be6bbcddd2292cdc03859327525e87ef0e0090609701a4507ea8f4715db95c7a
SSDEEP

1536:auj56ycNa0SNndwAhRvTlrYZUkGnP3+RBJWPnhdTW8tBniRgR:auj5+NJINhRvTHlnP3+RB4pYwBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7104f635a41839bac7835703f06f744e

Files

7104f635a41839bac7835703f06f744e
.exe windows x86

65624f92376796124f44332f088e6bfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
lstrcmpiA
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
AssignProcessToJobObject
CreateJobObjectW
SetFilePointer
GetPrivateProfileSectionNamesW
ResumeThread
GetPrivateProfileStringW
Sleep
lstrcpyA
GetCurrentProcessId
CreateProcessA
TerminateJobObject
lstrcmpiW
GetCommandLineW
GetCurrentProcess
TerminateProcess
lstrcmpA
SetFileAttributesW
ExitProcess
lstrcmpW
SetErrorMode
ExitThread
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
MapViewOfFile
FindClose
TerminateThread
CreateFileMappingW
MoveFileW
GetVersionExW
WaitForMultipleObjects
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetEnvironmentVariableA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateFileMappingA
SetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentThreadId
ProcessIdToSessionId
GetTickCount64
WTSGetActiveConsoleSessionId
GetTempFileNameW
lstrcpyW
CopyFileW
CreateProcessW
GetFileSize
MoveFileExW
LocalFree
GlobalLock
GetProcAddress
CreateThread
CloseHandle
DeleteFileW
GlobalAlloc
lstrcatW
LoadLibraryA
FlushViewOfFile
GetLastError
FormatMessageW
GetModuleHandleA
lstrcatA
UnmapViewOfFile
GetFileAttributesW
CreateFileW
LocalAlloc
WaitForSingleObject
lstrlenA
VirtualAlloc
GetTickCount
lstrcpynW
WriteFile
lstrlenW
VirtualFree
ReadFile
ExpandEnvironmentStringsW
GetWindowsDirectoryW

user32

GetProcessWindowStation
GetDesktopWindow
GetUserObjectInformationW
GetThreadDesktop
MonitorFromWindow
ToAscii
SetForegroundWindow
PtInRect
OpenDesktopW
MenuItemFromPoint
HiliteMenuItem
ActivateKeyboardLayout
PrintWindow
BringWindowToTop
GetTopWindow
CreateDesktopW
SetWindowLongA
VkKeyScanExA
GetKeyboardState
GetMenuItemCount
SetActiveWindow
SetWindowPos
GetDC
GetMenu
GetWindow
GetKeyboardLayoutList
CloseWindow
PostMessageW
GetWindowRect
SendMessageTimeoutW
SendMessageTimeoutA
ScreenToClient
WindowFromPoint
GetWindowPlacement
IsWindow
CloseDesktop
GetKeyboardLayout
MoveWindow
SetFocus
LoadKeyboardLayoutA
SystemParametersInfoA
GetParent
IsWindowVisible
SetThreadDesktop
GetWindowLongA
GetWindowTextW
OemToCharA
GetClassNameW
CharLowerA
GetWindowThreadProcessId
FindWindowExW
PostMessageA
wsprintfA
FindWindowW
EnumDesktopWindows
OpenClipboard
wvsprintfW
CloseClipboard
wvsprintfA
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
EmptyClipboard

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateDCA
GetDIBits
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreatePen
Rectangle
DeleteDC

advapi32

RegQueryValueA
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegQueryValueExW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegEnumKeyA
GetTokenInformation

shell32

ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65624f92376796124f44332f088e6bfd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB