7ea51c84f595b017df64c4bb5f1dbab43a6ebe96223fed6ad58f3be4c0b89e2c

Sharing

Copy URL Twitter E-mail

General

Target

7ea51c84f595b017df64c4bb5f1dbab43a6ebe96223fed6ad58f3be4c0b89e2c
Size

88KB
MD5

a999d5cef0bbcab04ec4e270312b5d52
SHA1

c9f4fd415730948d0d23c2a3812dd554d182b3d6
SHA256

7ea51c84f595b017df64c4bb5f1dbab43a6ebe96223fed6ad58f3be4c0b89e2c
SHA512

01d74ba64d13c3050551f4951fc0b6c0dd1fc6c4fad452d08dccf97ec57a1962270328378f3655fe4b1caa11f33b28ce3a759489acc33f2e25b38cc992d2eaba
SSDEEP

1536:j5TVf02+AAVV57+IdNEe2Hvdt9d/ErryNt5QC:74/gP0yNt5QC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ea51c84f595b017df64c4bb5f1dbab43a6ebe96223fed6ad58f3be4c0b89e2c

Files

7ea51c84f595b017df64c4bb5f1dbab43a6ebe96223fed6ad58f3be4c0b89e2c
.exe windows x86

2bb7f991d85b7e75df7a8dbb6bb6045c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetExitCodeThread
GetLastError
CreateDirectoryA
GetTickCount
GetTempPathA
GetVersionExA
CreateMutexA
ProcessIdToSessionId
GetCurrentProcessId
GetPrivateProfileStringA
GetSystemDefaultLangID
GetPrivateProfileIntA
SetLastError
EnterCriticalSection
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
FindResourceExA
SetEvent
LockResource
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LeaveCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ResetEvent
CloseHandle
CreateEventA
WaitForSingleObject
SizeofResource
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer

user32

EndDialog
wsprintfA
GetActiveWindow
ShowWindow
GetDlgItem
SetDlgItemTextA
PostMessageA
SendMessageA
UnregisterClassA
SetWindowLongA
DialogBoxParamA
MessageBoxA
SetWindowTextA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteExA
ord680

ole32

CoUninitialize
CoInitialize

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

wintrust

WinVerifyTrust

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bb7f991d85b7e75df7a8dbb6bb6045c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

shell32

ole32

urlmon

wininet

wintrust

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 784B

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 784B