36138fe1156ccac6edae238f6922cf931e105d8c49a66ea2810a3d950e2875db

Sharing

Copy URL

Twitter E-mail

General

Target

36138fe1156ccac6edae238f6922cf931e105d8c49a66ea2810a3d950e2875db
Size

2.2MB
MD5

1e52032beea319d4bd9679c22c4897ac
SHA1

8d79acd7a8df60dda5e29a61668b9ac8dfb753ff
SHA256

36138fe1156ccac6edae238f6922cf931e105d8c49a66ea2810a3d950e2875db
SHA512

bc12e08f7b32fd3318422dc1c3193e3b039e3dc361f33af31c467ba616c089b3fade662684511c24795cd35be55d0fd0aea24399fb36cf3977767d003f17be94
SSDEEP

49152:Ml59uSthWi0ovdWi65VidP+s6cLrf+oSoEMW8IdZPJRVE4RCRz:u59uEwDOd/OidP+YbRgf8IPPJH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36138fe1156ccac6edae238f6922cf931e105d8c49a66ea2810a3d950e2875db

Files

36138fe1156ccac6edae238f6922cf931e105d8c49a66ea2810a3d950e2875db
.dll windows:5 windows x86

19f7bd9cde1ecdeb7e9dffd5cfe9189a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA

oleaut32

SafeArrayCreate
VarI2FromStr
SysAllocStringLen

kernel32

SetEvent
EnterCriticalSection
VirtualAlloc
GetProcessHeap
WaitForSingleObject
GetSystemTimeAsFileTime
GetExitCodeProcess
GetUserDefaultLCID
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExA
TerminateProcess
LeaveCriticalSection
LocalFlags
TransmitCommChar
GetOverlappedResult
EnumResourceNamesW
DeleteCriticalSection
InterlockedPushEntrySList
DisconnectNamedPipe

advapi32

GetNumberOfEventLogRecords
InitiateSystemShutdownW
AddUsersToEncryptedFile
CryptEncrypt
DecryptFileW

lz32

LZCopy
LZOpenFileA
LZOpenFileW
LZSeek

shell32

Shell_NotifyIconW

ole32

OleDestroyMenuDescriptor

gdi32

GetTextMetricsA
SetPixelV
SetWinMetaFileBits

setupapi

SetupDiDestroyDeviceInfoList

user32

GetWindowInfo
DeferWindowPos
GetMenuContextHelpId
DrawFocusRect
DlgDirSelectComboBoxExW
PostQuitMessage
GetMessageA
InvertRect
ShowWindow
UpdateWindow
AttachThreadInput
GetUpdateRgn
CreateIconIndirect
InternalGetWindowText

msvcrt

memset
strlen
rewind

Sections

.text
Size: 776KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19f7bd9cde1ecdeb7e9dffd5cfe9189a

Headers

File Characteristics

Imports

version

oleaut32

kernel32

advapi32

lz32

shell32

ole32

gdi32

setupapi

user32

msvcrt

Sections

.text Size: 776KB - Virtual size: 773KB

.rdata Size: 836KB - Virtual size: 835KB

.data Size: 164KB - Virtual size: 167KB

PACK Size: 392KB - Virtual size: 391KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 776KB - Virtual size: 773KB

.rdata
Size: 836KB - Virtual size: 835KB

.data
Size: 164KB - Virtual size: 167KB

PACK
Size: 392KB - Virtual size: 391KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 63KB