8f6ed7a1d90ccde42cbb9edd123d749aa51e1d3d9e1bd39bca11b1a5eb3322e5

Sharing

Copy URL Twitter E-mail

General

Target

8f6ed7a1d90ccde42cbb9edd123d749aa51e1d3d9e1bd39bca11b1a5eb3322e5
Size

1.4MB
MD5

f03678351df439afd3dbebadd5a7b323
SHA1

3639e3c36451ffd19b492a0b92aa1cc3af579739
SHA256

8f6ed7a1d90ccde42cbb9edd123d749aa51e1d3d9e1bd39bca11b1a5eb3322e5
SHA512

e19187f18ae1817334e4971c9544836807cdffb2301dd44b1e20f42ad1725b08d1ec0243e48a07f2d436bc303a8a4221f1c7fcae4939b14d7c4a64312a07a6fa
SSDEEP

24576:532UutJzOQR5D9CqL5wCsvpJuoSs0wzFZAqVshDtClgjE2pTeHkfe/+BTKDHfP:xattDR5twDvhSIzIFJtClISE/BWDHf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f6ed7a1d90ccde42cbb9edd123d749aa51e1d3d9e1bd39bca11b1a5eb3322e5

Files

8f6ed7a1d90ccde42cbb9edd123d749aa51e1d3d9e1bd39bca11b1a5eb3322e5
.dll windows x86

7f6b20ed78c4e9c84283ce02279c8089

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetFileTitleW

crypt32

CertCompareCertificateName

wintrust

CryptCATGetAttrInfo
CryptCATEnumerateAttr

ole32

CreateStreamOnHGlobal
StgCreateDocfile
CoSetProxyBlanket
CoRevertToSelf
OleMetafilePictFromIconAndLabel
RegisterDragDrop

rpcrt4

I_RpcBindingInqTransportType
NdrSimpleTypeMarshall
NdrSimpleStructBufferSize

msvcrt

memset
iswprint

user32

AdjustWindowRect
GetIconInfo
DeleteMenu
GetClassLongW
GetGUIThreadInfo
ActivateKeyboardLayout
GetDlgItem
MonitorFromRect
VkKeyScanA
SetClipboardData

kernel32

SetConsoleCursorInfo
ConnectNamedPipe
GetFileSize
TryEnterCriticalSection
LockFile
GetUserDefaultLCID
GetBinaryTypeW
GetModuleFileNameW
GetModuleHandleA
GetModuleFileNameA
SetErrorMode
FindVolumeClose
GetLogicalDriveStringsA

shlwapi

SHCreateStreamOnFileW
StrCmpNA
AssocIsDangerous
StrRChrIA

gdi32

OffsetClipRgn
PlgBlt
SetColorSpace
SetWindowOrgEx
SelectClipPath
GetPolyFillMode

clusapi

GetClusterResourceNetworkName

advapi32

ReadEncryptedFileRaw
SetSecurityDescriptorSacl
GetSecurityDescriptorControl
CryptSetHashParam

oleaut32

DispCallFunc

opengl32

glMapGrid2d

Exports

Exports

TponfKheem

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 676KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yid
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FZrm5
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f6b20ed78c4e9c84283ce02279c8089

Headers

File Characteristics

Imports

comdlg32

crypt32

wintrust

ole32

rpcrt4

msvcrt

user32

kernel32

shlwapi

gdi32

clusapi

advapi32

oleaut32

opengl32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 14KB

CODE Size: 676KB - Virtual size: 672KB

.crt1 Size: 284KB - Virtual size: 280KB

yid Size: 92KB - Virtual size: 88KB

FZrm5 Size: 196KB - Virtual size: 192KB

.erloc Size: 52KB - Virtual size: 49KB

.CRT Size: 32KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 14KB

CODE
Size: 676KB - Virtual size: 672KB

.crt1
Size: 284KB - Virtual size: 280KB

yid
Size: 92KB - Virtual size: 88KB

FZrm5
Size: 196KB - Virtual size: 192KB

.erloc
Size: 52KB - Virtual size: 49KB

.CRT
Size: 32KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB