13278a50e73b2fc39b89c912726515ba

General

Target

13278a50e73b2fc39b89c912726515ba
Size

332KB
MD5

13278a50e73b2fc39b89c912726515ba
SHA1

39ed4b13dd18ec80c3a50e2b2f97cc0573f648d2
SHA256

4fb6229c4ed6e7ff221251a29cf5f75431ccefd8cd879d8d12b9b2345e8cbf28
SHA512

8903e7d4855345aa79564f2dcda83fa8bf64ab42770c14b8bc1be682d837167b55131fb35ba0709c56c7ba000dc3daa650ba533c64f38f48b3984519a21b7e86
SSDEEP

6144:NvYKZdZt2GBjqpe3llA/9R6OdvP+EnsT+emUtQypdALHXfde:NjY0eyo/9ndXBCp6Tle

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13278a50e73b2fc39b89c912726515ba

Files

13278a50e73b2fc39b89c912726515ba
.exe windows:4 windows x86 arch:x86

a4725d924cda4cecbbcca1c221b33679

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
lstrlenA
lstrcmpiW
GetProcessHeap
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetUserDefaultLCID
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
GetCPInfo
FileTimeToSystemTime
GetCommandLineA
GetStringTypeA
VirtualProtect
GetOEMCP
GetACP
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapAlloc
HeapFree
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetSystemInfo

user32

SetWindowTextW
EnableWindow
GetWindowTextLengthW
GetWindowTextW
CreateDialogParamW
GetKeyState
GetDlgItem
SendMessageW
GetWindowLongW
GetClientRect
SetWindowLongW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

ole32

CoUninitialize
CoTaskMemAlloc
CreateBindCtx
PropVariantClear
PropVariantCopy
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoInitializeEx

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4725d924cda4cecbbcca1c221b33679

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 288KB - Virtual size: 571KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 288KB - Virtual size: 571KB

.rsrc
Size: 4KB - Virtual size: 1KB