7fddaac4e8553705b2a5446791e6df47

Sharing

Copy URL

Twitter E-mail

General

Target

7fddaac4e8553705b2a5446791e6df47
Size

436KB
MD5

7fddaac4e8553705b2a5446791e6df47
SHA1

50436c243ece999bec579ea5a18516d9119b68d1
SHA256

fcd1c25b4cac18e915240d22819bb7839cad6563b311d9ee5a66233c594c6362
SHA512

3501c360b69ffe0ac537652f5e06da021570b22979af9e942cf0155ffef301c470ad0f2a23f95ca0d224292b0c1f965d4f22d21a29f04ced7aeae28c53b834e3
SSDEEP

12288:EvT1+i+eRbPqeSIvNMenaJ8NECkSNDopGI5coPYb:Ev3F+ex1MrwECBf3oPYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

7fddaac4e8553705b2a5446791e6df47

resource
7fddaac4e8553705b2a5446791e6df47

Files

7fddaac4e8553705b2a5446791e6df47
.dll windows:4 windows x86 arch:x86

41236dcb3f0ee486c9586fc42b5b299b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetCurrentProcess
HeapFree
LoadLibraryW
Sleep
GetModuleFileNameW
CreateFileW
GetTempPathW
GetCurrentDirectoryW
GetLocalTime
CreateSemaphoreW
HeapWalk
DeviceIoControl
VirtualProtect
TlsAlloc
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetLastError
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

userenv

LeaveCriticalPolicySection

msimg32

AlphaBlend
TransparentBlt
GradientFill

Exports

Exports

Forever
Hurryindicate
Knewface
Radioindicate
Skill
Songfelt
TellWay

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41236dcb3f0ee486c9586fc42b5b299b

Headers

File Characteristics

Imports

kernel32

userenv

msimg32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 4KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 4KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB