e637e8cab4e48fb0ba2b1fca03548f471d2b488f9572654a6f45a76ad460a3c7

Sharing

Copy URL Twitter E-mail

General

Target

e637e8cab4e48fb0ba2b1fca03548f471d2b488f9572654a6f45a76ad460a3c7
Size

148KB
MD5

78de0f438753e042407aa1a07f761d47
SHA1

cc9cd14183aa9379b663c7eb880f9a6dd5395362
SHA256

e637e8cab4e48fb0ba2b1fca03548f471d2b488f9572654a6f45a76ad460a3c7
SHA512

01c754fc2879804ff7c09b6452b23e247fb317c1874b5f353e9e5e340c87c3b3797efdf77091b75e21ecd364591f83679554b614428363bd0a61e0d65667cafb
SSDEEP

3072:lQzwatdimjKHDESwBpMYJtwuRrhRtQNzhK:lE8ESwTJU3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e637e8cab4e48fb0ba2b1fca03548f471d2b488f9572654a6f45a76ad460a3c7

Files

e637e8cab4e48fb0ba2b1fca03548f471d2b488f9572654a6f45a76ad460a3c7
.dll windows x86

0853fe57688e6a97952c9cae582c0527

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
DeleteCriticalSection
MultiByteToWideChar
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
LeaveCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
EnterCriticalSection
GetProcessHeap
InitializeCriticalSection
VirtualProtect
InterlockedIncrement
RtlMoveMemory
CloseHandle
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetModuleFileNameA
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetVersion
GlobalFlags
WritePrivateProfileStringA
WideCharToMultiByte
SetLastError
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
WriteFile
GetCPInfo
GetOEMCP
GetCommandLineA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy

ole32

CLSIDFromString
CoInitialize
CoCreateInstance
ReleaseStgMedium
DoDragDrop
IsEqualGUID

user32

GetSysColorBrush
LoadStringA
DestroyMenu
LoadCursorA
LoadIconA
wsprintfA
MessageBoxA
MessageBeep
MapWindowPoints
GetSysColor
AdjustWindowRectEx
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect

urlmon

CopyStgMedium

shell32

ord74

gdi32

GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

Exports

Exports

A2W
aaabbb
�ڴ�_��
�ڴ�_��ֽڼ�
�ڴ�_д��
ȡWindowsĿ¼
ȡ��ַ
ȡ��ݵ�ַ
�ı��GUDI
ָ�뵽��

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0853fe57688e6a97952c9cae582c0527

Headers

File Characteristics

Imports

kernel32

ole32

user32

urlmon

shell32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 10KB