d97336bfda10d4c1278e77ee754ce75da1556cff5d4b1ee9ff3f7a5529e74e4a

Sharing

Copy URL Twitter E-mail

General

Target

d97336bfda10d4c1278e77ee754ce75da1556cff5d4b1ee9ff3f7a5529e74e4a
Size

520KB
MD5

a0e482cfb63e709e0de96ca482c58b06
SHA1

586c29c961545e7f390a211090df98ebb8e33187
SHA256

d97336bfda10d4c1278e77ee754ce75da1556cff5d4b1ee9ff3f7a5529e74e4a
SHA512

693df121f2d135938d3034994211c6f424aaa31e88c695e6e61b0c9f9ccf3908ce4acb6a5e1b3684d58c024a33a1e8183977923928d5f2191a358983b9470c13
SSDEEP

6144:UiaLZyfafQ1Wx1HwO6Q8t5NHckGK0FxK2hyJIhuOmEd1FVxl:UiaNm+Q1WnHwNQQ5BP0XK2EEd1FV3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d97336bfda10d4c1278e77ee754ce75da1556cff5d4b1ee9ff3f7a5529e74e4a

Files

d97336bfda10d4c1278e77ee754ce75da1556cff5d4b1ee9ff3f7a5529e74e4a
.exe windows x86

305e4a9c1fa41f441e176668d55d1c0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
LoadLibraryW
GetModuleHandleW
OutputDebugStringW
GetPrivateProfileStringW
CloseHandle
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CreateProcessW
MoveFileExW
RemoveDirectoryW
GetLastError
GetFileAttributesW
WaitForSingleObject
Process32NextW
OpenProcess
Process32FirstW
CreateMutexW
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
LoadLibraryA
SetFilePointer
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
WriteFile
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
SetErrorMode
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
DuplicateHandle
SearchPathW
GetCurrentProcess
CreateEventW
WriteProcessMemory
SetUnhandledExceptionFilter
VirtualAllocEx
RtlUnwind
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
MultiByteToWideChar
LCMapStringA
LCMapStringW
FatalAppExitA
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree

user32

SetWindowPos
IsWindow
FindWindowExW
SetForegroundWindow
MessageBoxW
IsWindowVisible
ShowWindow
GetParent
wsprintfW
GetWindowPlacement
EnumWindows
FindWindowW
GetWindowThreadProcessId

shell32

SHFileOperationW

psapi

GetModuleFileNameExW

ws2_32

WSAStartup
gethostbyname
WSACleanup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvmp
Size: 338KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

305e4a9c1fa41f441e176668d55d1c0f

Headers

File Characteristics

Imports

kernel32

user32

shell32

psapi

ws2_32

version

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 40KB - Virtual size: 40KB

.tvmp Size: 338KB - Virtual size: 340KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 40KB - Virtual size: 40KB

.tvmp
Size: 338KB - Virtual size: 340KB