f0a42a8de3247d2a3ed599f5b2bc22327fd68819f85bc60ced4ade75ba5a0399

Sharing

Copy URL Twitter E-mail

General

Target

f0a42a8de3247d2a3ed599f5b2bc22327fd68819f85bc60ced4ade75ba5a0399
Size

10.5MB
MD5

173a315bf9e3650dfb10e53aa86748c4
SHA1

613bda120932e3a3ecdec3e7ff4af33f4c407d34
SHA256

f0a42a8de3247d2a3ed599f5b2bc22327fd68819f85bc60ced4ade75ba5a0399
SHA512

d77bf2a8e729eadf8b9c630ed56dd480f6124c893e107e6a2919ae3145b4f7f4c100854670c8bd9abdab6f771712915b221a095f4b990e3304197af8748966aa
SSDEEP

196608:Y2VRb7VNbP1CjyDwQzDonHeUNxkcfaGBIiUZc9BDal:Y2j7VkycQzDonHJNKxGyiSc9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0a42a8de3247d2a3ed599f5b2bc22327fd68819f85bc60ced4ade75ba5a0399

Files

f0a42a8de3247d2a3ed599f5b2bc22327fd68819f85bc60ced4ade75ba5a0399
.exe windows:4 windows x86

da93ad942a6f93af36beafe6c2be1e51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winmm

midiStreamRestart

ws2_32

gethostname

rasapi32

RasGetConnectStatusA

user32

LoadStringA

gdi32

GetStockObject

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

comdlg32

ChooseColorA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

OleCreatePictureIndirect

comctl32

ImageList_ReplaceIcon

wininet

InternetConnectA

secur32

GetUserNameExA

urlmon

URLDownloadToFileW

shlwapi

StrTrimA

iphlpapi

GetAdaptersInfo

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

.text
Size: - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mapo
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mapo
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mapo2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da93ad942a6f93af36beafe6c2be1e51

Headers

File Characteristics

Imports

kernel32

msvfw32

avifil32

winmm

ws2_32

rasapi32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

secur32

urlmon

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 10.6MB

.mapo Size: 7.5MB - Virtual size: 7.5MB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.mapo Size: 152KB - Virtual size: 152KB

.mapo2 Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 10.6MB

.mapo
Size: 7.5MB - Virtual size: 7.5MB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.mapo
Size: 152KB - Virtual size: 152KB

.mapo2
Size: 4KB - Virtual size: 4KB