3244107060318e3f7124b03e298674e8abe1d981c495512fe624850d88f56285

General

Target

3244107060318e3f7124b03e298674e8abe1d981c495512fe624850d88f56285
Size

8.9MB
MD5

43bd2b7d3e639720863f6bbab062a533
SHA1

ac4cb7cdbeb59698726ac6db384bef3fd183a478
SHA256

3244107060318e3f7124b03e298674e8abe1d981c495512fe624850d88f56285
SHA512

211356b0bc9bef243a97aa7ddab7fe13455e32acedc1d434251660c6efb4ec287a617f1ddfdc161c929092b7ae005d814b673c44ca4b3c1d5761147c66c2d052
SSDEEP

196608:nJHWiMsPPIOPnOaw4jfCiJ0PM6ZeSy9fj03Ju6EGdkIgaSz4AmJrEm:nJHW/sPPcalfCiJBcIfj2Z3kTz4Am

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ļ 7.0.2.3821_x86_x64/ļ 7.0.2.3821_x64.exe
unpack001/ļ 7.0.2.3821_x86_x64/ļ 7.0.2.3821_x86.exe

Files

3244107060318e3f7124b03e298674e8abe1d981c495512fe624850d88f56285
.zip
ļ 7.0.2.3821_x86_x64/ļ 7.0.2.3821_x64.exe
.exe windows:5 windows x64

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 4.4MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ļ 7.0.2.3821_x86_x64/ļ 7.0.2.3821_x86.exe
.exe windows:4 windows x86

234ecae781a7845c972346b1edefdddc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
_dllMain_Name@12
_mainB_@8
_mainW@16
_main_@4
main
main1
main5
mainB

Sections

.MPRESS1
Size: 4.4MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.MPRESS1 Size: 4.4MB - Virtual size: 12.2MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 70KB - Virtual size: 69KB

234ecae781a7845c972346b1edefdddc

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.MPRESS1 Size: 4.4MB - Virtual size: 11.9MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 70KB - Virtual size: 69KB

.MPRESS1
Size: 4.4MB - Virtual size: 12.2MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 70KB - Virtual size: 69KB

.MPRESS1
Size: 4.4MB - Virtual size: 11.9MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 70KB - Virtual size: 69KB