db087aef4730561079db4d14f0211a83cc65fe7fd9705a84a1e4972590e1d124

General

Target

db087aef4730561079db4d14f0211a83cc65fe7fd9705a84a1e4972590e1d124
Size

29KB
MD5

3ab87eef7cbd3b606ac90e0d08bac186
SHA1

5d9fb7e57765df50fa1104e142d46460c7e1efb0
SHA256

db087aef4730561079db4d14f0211a83cc65fe7fd9705a84a1e4972590e1d124
SHA512

6b15e7e3601b940012419ce5734945ef9da5bb721f1dec7893f9c671b021650697e3f7a7dabbc3ec53820045d5f2aae11aa02e20f298fbcc9e24d1816329a2a2
SSDEEP

768:O9k0MQ6QvUJg6vpAaoeFccIM7cg9PD9POkz:wk0MQZvUrmSIMAg9r99

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/бухруз /keymaker.exe

Files

db087aef4730561079db4d14f0211a83cc65fe7fd9705a84a1e4972590e1d124
.zip
бухруз /keymaker.exe
.exe windows x86

27489e3d9f1b23cac9bde88128a1b8bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlRandom
RtlComputeCrc32
RtlMoveMemory
RtlZeroMemory

kernel32

CloseHandle
CreateFileA
CreateMutexA
ExitProcess
GetFileInformationByHandle
GetLastError
GetModuleHandleA
GlobalAlloc
GlobalFree
lstrcatA
lstrlenA
FindResourceA
LoadResource
LockResource
SetLastError
SizeofResource
MulDiv

comctl32

InitCommonControls

user32

GetDC
wsprintfA
SetWindowTextA
SetDlgItemTextA
SendMessageA
SendDlgItemMessageA
ReleaseCapture
MessageBoxA
LoadIconA
GetDlgItemTextA
GetDlgItem
FindWindowA
EnableWindow
DialogBoxParamA
CharLowerBuffA
EndDialog

shlwapi

SHSetValueA
SHGetValueA

shell32

IsUserAnAdmin

gdi32

DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap

ole32

CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitialize

oleaut32

OleLoadPicture

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27489e3d9f1b23cac9bde88128a1b8bc

Headers

File Characteristics

Imports

ntdll

kernel32

comctl32

user32

shlwapi

shell32

gdi32

ole32

oleaut32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 35KB - Virtual size: 34KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 35KB - Virtual size: 34KB