bb3f52d1b0457f63d81eab07be88298b7e9d1253bcda2c7ffe83d678d75ee7cd

Sharing

Copy URL Twitter E-mail

General

Target

bb3f52d1b0457f63d81eab07be88298b7e9d1253bcda2c7ffe83d678d75ee7cd
Size

99KB
MD5

b74f0b4ce9370098b81e1fb87753fca1
SHA1

9a5ce4faffb43797526db96cf052d8861b404839
SHA256

bb3f52d1b0457f63d81eab07be88298b7e9d1253bcda2c7ffe83d678d75ee7cd
SHA512

bc152272fb210b04306f7846e34a46f2d25a0144e6fd8ad2a84d7a9e8ca7c9deb56185122dc90e3659b422628a66be1ad1ac0dfa6db5f4352347d6b5fd133521
SSDEEP

1536:edyf6Unx3rp51+mh+9OW0q3Gm1DP7v+FPKUP9YALQO6shf4y1v:edyCsxdjh+gW0Rm12FPKcSO6sGW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb3f52d1b0457f63d81eab07be88298b7e9d1253bcda2c7ffe83d678d75ee7cd

Files

bb3f52d1b0457f63d81eab07be88298b7e9d1253bcda2c7ffe83d678d75ee7cd
.exe windows x86

8a9880f54a92aadf55ce7f85aa2c7e64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueW
PathFileExistsW

kernel32

CloseHandle
WriteFile
CreateFileW
LockResource
LoadResource
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ReadFile
SetFilePointer
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryExW
ExpandEnvironmentStringsW
lstrlenW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
DeleteFileW
lstrcmpiW
CreateDirectoryW
SizeofResource
FindClose
FindNextFileW
FindFirstFileW
GetUserDefaultLCID
GetModuleFileNameW
MoveFileExW
GetLastError
EnumResourceNamesW
GetTempPathW
FindFirstFileExW
SetProcessWorkingSetSize
GetCurrentProcess
ExitProcess
GetModuleHandleW
LocalFree
GetCommandLineW
VirtualFree
VirtualAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FindResourceW
GetTickCount
HeapReAlloc
GetLocaleInfoA
RtlUnwind
HeapSize
IsValidCodePage
GetOEMCP
Sleep
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP

user32

GetDesktopWindow
SetForegroundWindow
ShowWindow
wsprintfW
MessageBoxW

advapi32

RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20.7MB - Virtual size: 20.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a9880f54a92aadf55ce7f85aa2c7e64

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 45KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 20.7MB - Virtual size: 20.7MB

.text
Size: 45KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 20.7MB - Virtual size: 20.7MB