9931be4df5c668c42b10f1feda0ceb08c8b94cc87421ceb82ed645addd2ed372

Sharing

Copy URL Twitter E-mail

General

Target

9931be4df5c668c42b10f1feda0ceb08c8b94cc87421ceb82ed645addd2ed372
Size

2.2MB
MD5

39e0297c233866da9520033087b0d6c5
SHA1

c895844ecb572179a0a11a9c7bbf2ff39306d93e
SHA256

9931be4df5c668c42b10f1feda0ceb08c8b94cc87421ceb82ed645addd2ed372
SHA512

6552c84ec1e4e4f31911a2547db8a1059c4be29c081afb909a590428801d41a470c9943bffbd2aaf56114454decd98aabbfcc0ef9734cb23c79d1218664c2b09
SSDEEP

49152:VC2fKv1FRBvb2w5/jrFMS2IqlDah9KWvo2OLy0txWC:E2S3zKw5/vFMFVahoWw6s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9931be4df5c668c42b10f1feda0ceb08c8b94cc87421ceb82ed645addd2ed372

Files

9931be4df5c668c42b10f1feda0ceb08c8b94cc87421ceb82ed645addd2ed372
.dll windows:5 windows x86

de072608ed2190e830799fc6231552f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GetUserDefaultLCID
GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
TerminateProcess
DisconnectNamedPipe
LocalFlags
TransmitCommChar
InterlockedPushEntrySList
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetExitCodeProcess
VirtualAlloc
GetSystemTimeAsFileTime
GetProcessHeap
GetOverlappedResult
SetEvent

user32

GetWindowInfo
GetClipCursor
DispatchMessageW
GetMessageA
GetMenuContextHelpId
CreateIconIndirect
DeferWindowPos
InternalGetWindowText
CascadeWindows
PostQuitMessage
UpdateWindow
GetUpdateRgn
ShowWindow

version

GetFileVersionInfoSizeW

gdi32

SetPixelV
GetEnhMetaFileW
GetFontLanguageInfo

ole32

ReadClassStg

advapi32

RegCreateKeyExA
TreeResetNamedSecurityInfoW
CryptEncrypt
ControlService
AllocateLocallyUniqueId

oleaut32

SysAllocStringLen
SafeArrayCreate
VarI2FromStr

shlwapi

StrRChrW

setupapi

SetupDiDestroyDeviceInfoList

msvcrt

ldiv
ispunct
memset

lz32

GetExpandedNameW
LZOpenFileA
LZOpenFileW
LZCopy

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

de
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de072608ed2190e830799fc6231552f2

Headers

File Characteristics

Imports

kernel32

user32

version

gdi32

ole32

advapi32

oleaut32

shlwapi

setupapi

msvcrt

lz32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 184KB - Virtual size: 181KB

PACK Size: 76KB - Virtual size: 74KB

.qdata Size: 32KB - Virtual size: 30KB

de Size: 172KB - Virtual size: 169KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 184KB - Virtual size: 181KB

PACK
Size: 76KB - Virtual size: 74KB

.qdata
Size: 32KB - Virtual size: 30KB

de
Size: 172KB - Virtual size: 169KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 76KB - Virtual size: 75KB