0f639aefe7aaae115dd5b8e370a72b70186b73928a9940e6ba57c9671838738d

Sharing

Copy URL Twitter E-mail

General

Target

0f639aefe7aaae115dd5b8e370a72b70186b73928a9940e6ba57c9671838738d
Size

340KB
MD5

1f3cfbd9acfc6dddfcc15f1b7fcc9c03
SHA1

88452608c3b0343490417c8b12ea96aa9de0ff1b
SHA256

0f639aefe7aaae115dd5b8e370a72b70186b73928a9940e6ba57c9671838738d
SHA512

5d491252203c94f2d56d2dc1052efe5d6f96f80da902981fbc71da0e06d487e6823b5f941e4dd4d83b376abfcb077d0e0d9f96dd2b09993e10f6f97aec49c9c9
SSDEEP

6144:klklsHqEpRXM3uJRKzYvpkJbH4EPlXL6G/R1YSf:GklEqSM3uJ1xk9YEPlXL9f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f639aefe7aaae115dd5b8e370a72b70186b73928a9940e6ba57c9671838738d

Files

0f639aefe7aaae115dd5b8e370a72b70186b73928a9940e6ba57c9671838738d
.exe windows x86

27ca6f1b27f540e38f487efce4782e42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCursorInfo
FillConsoleOutputAttribute
EraseTape
DeleteVolumeMountPointW
EnumSystemLocalesA
GetProcessAffinityMask
LocalFree
GlobalFindAtomA
HeapCreate
AddConsoleAliasA
HeapWalk
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
LockFile
GetModuleHandleA
GetLocaleInfoW
SetFileAttributesW
GlobalAddAtomW
FindFirstFileA
GetProcAddress
GetCurrentConsoleFont

winspool.drv

FindNextPrinterChangeNotification

user32

GetWindowRect
IsWindow
SetCursor
GetClipboardFormatNameA
ShowCaret
InsertMenuA

wininet

RetrieveUrlCacheEntryStreamW

powrprof

IsPwrHibernateAllowed
GetPwrCapabilities

ole32

CoFreeUnusedLibrariesEx

advapi32

LookupPrivilegeNameW

msvcrt

memset

gdi32

GetBitmapBits
GetObjectW
GetSystemPaletteUse
GetCharWidthW
GetDeviceCaps

Sections

.rda
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m5Fih
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27ca6f1b27f540e38f487efce4782e42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

user32

wininet

powrprof

ole32

advapi32

msvcrt

gdi32

Sections

.rda Size: 304KB - Virtual size: 302KB

.rdata Size: 4KB - Virtual size: 3KB

.data1 Size: 20KB - Virtual size: 28KB

.m5Fih Size: 4KB - Virtual size: 864B

.reloc Size: 4KB - Virtual size: 1KB

.rda
Size: 304KB - Virtual size: 302KB

.rdata
Size: 4KB - Virtual size: 3KB

.data1
Size: 20KB - Virtual size: 28KB

.m5Fih
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 1KB