3437e3543e3ea2ea8cd1a45271f66f98c380687684499385d3dda729fee8e5d7

Sharing

Copy URL Twitter E-mail

General

Target

3437e3543e3ea2ea8cd1a45271f66f98c380687684499385d3dda729fee8e5d7
Size

58KB
MD5

55fc5b6f6440dfb2b7e2093f644fc245
SHA1

caa78e6a9429c557d54c18a66c63f98788746b32
SHA256

3437e3543e3ea2ea8cd1a45271f66f98c380687684499385d3dda729fee8e5d7
SHA512

cb41f190dc9ee919a63484832abec800aa71c7509c640700c491509b58967516bc9681436d1a607803955846f380f28450ff7f25c80162caea35d4c96a92a161
SSDEEP

1536:rfIyRnAa2p89niSP62HPBguKh1/Az1zgSR:rEa2p8piSrPSAz1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3437e3543e3ea2ea8cd1a45271f66f98c380687684499385d3dda729fee8e5d7

Files

3437e3543e3ea2ea8cd1a45271f66f98c380687684499385d3dda729fee8e5d7
.exe windows x86

f949e7dd41cbd9112a8f816ced34b3e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

user32

wsprintfA
MessageBoxA
MessageBoxTimeoutA
GetActiveWindow

shell32

ShellExecuteW
ShellExecuteA

kernel32

GetProcAddress
LCMapStringA
LoadLibraryA
FreeLibrary
DeleteFileA
GetPrivateProfileStringA
GetModuleFileNameA
GetUserDefaultLCID
IsBadReadPtr
HeapFree
GetCurrentProcess
CloseHandle
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindClose
CreateFileA
GetLastError
SetFilePointer
SetEndOfFile
GetFileAttributesW
LocalAlloc
CreateDirectoryW
LocalFree
OpenProcess
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc

psapi

GetModuleFileNameExW

shlwapi

PathIsDirectoryW
PathFileExistsA

msvcrt

strncmp
memmove
modf
realloc
_ftol
atoi
_CIfmod
malloc
free
sprintf
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler

oleaut32

VariantChangeType
VariantInit
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f949e7dd41cbd9112a8f816ced34b3e3

Headers

File Characteristics

Imports

ole32

user32

shell32

kernel32

psapi

shlwapi

msvcrt

oleaut32

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 51KB

.rsrc Size: 1024B - Virtual size: 696B

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 51KB

.rsrc
Size: 1024B - Virtual size: 696B