8fa380e570917467e10e6ffc09d9e5cbc72f63414cc2f140adfd4319676b60eb

Sharing

Copy URL

Twitter E-mail

General

Target

8fa380e570917467e10e6ffc09d9e5cbc72f63414cc2f140adfd4319676b60eb
Size

639KB
MD5

80830e1059e2c18903f08ee351c6d4fe
SHA1

eba9633a898a56495a2ba2556755ef2ab969e48c
SHA256

8fa380e570917467e10e6ffc09d9e5cbc72f63414cc2f140adfd4319676b60eb
SHA512

c28a26b503432716e1a4e81803fca9ded2f30cfc75ea0078bb352e3ad6839ca84fbc35e691606914f7df714fec29c85c93d90860a2d5e84536e0eed6897187a0
SSDEEP

12288:fKKY+pSW6rcCXnXFwQk7nkeHo6uIIAIo/c888888888888W88888888888bqXpR:Cu56oCXnXFwQk7nbHo6uIIroMUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fa380e570917467e10e6ffc09d9e5cbc72f63414cc2f140adfd4319676b60eb

Files

8fa380e570917467e10e6ffc09d9e5cbc72f63414cc2f140adfd4319676b60eb
.exe windows x86

2fba0a2c195dc1acb208b42fc03fa6f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
ReleaseDC
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
LoadIconW
GetSystemMetrics
GetSysColor
GetDC
CharUpperBuffW
CharNextW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
TerminateProcess
SwitchToThread
Sleep
SignalObjectAndWait
SetLastError
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathW
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetComputerNameW
GetCPInfo
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
SetTextColor
SetROP2
SetBkMode
SetBkColor
SelectPalette
SelectObject
MoveToEx
GetTextMetricsW
GetSystemPaletteEntries
GetStockObject
GetDeviceCaps
GetCurrentPositionEx
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateFontIndirectW
CreateBrushIndirect

ole32

CoInitialize

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2fba0a2c195dc1acb208b42fc03fa6f5

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

ole32

shell32

Sections

.text Size: 406KB - Virtual size: 405KB

.itext Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 23KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 33KB - Virtual size: 32KB

.rsrc Size: 162KB - Virtual size: 164KB

.text
Size: 406KB - Virtual size: 405KB

.itext
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 162KB - Virtual size: 164KB