5f3b17581cef4deb86647c41c1591b46001fa2c881b54f04dcbe5ec3caf9b14c

Sharing

Copy URL Twitter E-mail

General

Target

5f3b17581cef4deb86647c41c1591b46001fa2c881b54f04dcbe5ec3caf9b14c
Size

86KB
MD5

99e1b2f16769ebb5c85bf0168d1c9a8f
SHA1

88c6540cb4b1f4adf7a66079b5430599cd788fb7
SHA256

5f3b17581cef4deb86647c41c1591b46001fa2c881b54f04dcbe5ec3caf9b14c
SHA512

b4851a243a0bcddf29f78b2a33b90204fb88830949be74ff9ff609a7e5b6337751fa754e056342654194d068ef5e3cdf50a61e0e3021fc88aafff01eaabfdeb4
SSDEEP

1536:ySfNEy7p+hJrLHgyjznv4ABOxfSwL2NkLxaCzGZF3Qjcalb78NELOD/QaYOw9GW3:rfHl+hhLHgyjzv4ABOxfSwL2NkLxaCz0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f3b17581cef4deb86647c41c1591b46001fa2c881b54f04dcbe5ec3caf9b14c

Files

5f3b17581cef4deb86647c41c1591b46001fa2c881b54f04dcbe5ec3caf9b14c
.exe windows:5 windows x64

81e0452b77b300d963bccde5cd962fd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comdlg32

PrintDlgW

gdi32

EndPage
EnumFontFamiliesExW
GetDeviceCaps
GetOutlineTextMetricsW
GetStockObject
GetTextMetricsW
LineTo
MoveToEx
SelectObject
StartDocW
StartPage
TextOutW
AddFontResourceW
RemoveFontResourceW
GetFontResourceInfoW
DeleteObject
EndDoc
CreateFontIndirectW
DeleteDC

shell32

CommandLineToArgvW

user32

SendMessageW
ShowWindow
SendDlgItemMessageW
PostQuitMessage
PostMessageW
MessageBoxW
LoadStringW
LoadIconW
IsDialogMessageW
GetMessageW
GetDlgItem
EndDeferWindowPos
EnableWindow
DispatchMessageW
DeferWindowPos
TranslateMessage
BeginDeferWindowPos
UpdateWindow
SetWindowLongPtrW
SetScrollInfo
ScrollWindowEx
ReleaseDC
RegisterClassExW
LoadCursorW
InvalidateRect
GetWindowLongPtrW
GetScrollInfo
GetDC
GetClientRect
EndPaint
DefWindowProcW
BeginPaint
FillRect
SetProcessDefaultLayout
CreateWindowExW

msvcrt

__lconv_init
wcslen
swprintf
free
malloc
wcscat
memcpy
__setusermatherr
_amsg_exit
__wgetmainargs
__set_app_type
exit
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
memset

kernel32

TlsGetValue
LeaveCriticalSection
InitializeCriticalSection
GetLastError
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetUserDefaultUILanguage
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
GetModuleHandleA
LocalFree
GetWindowsDirectoryW
GetModuleHandleW
GetFullPathNameW
GetFileAttributesW
GetCommandLineW
FormatMessageW
CopyFileW
MulDiv
lstrcpynW
lstrcatW

advapi32

RegSetValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81e0452b77b300d963bccde5cd962fd1

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

gdi32

shell32

user32

msvcrt

kernel32

advapi32

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 8KB

.pdata Size: 1024B - Virtual size: 552B

.rsrc Size: 62KB - Virtual size: 62KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 552B

.rsrc
Size: 62KB - Virtual size: 62KB

.reloc
Size: 512B - Virtual size: 40B