135b1191a955b924d07f53c5ce2a31ad

Sharing

Copy URL

Twitter E-mail

General

Target

135b1191a955b924d07f53c5ce2a31ad
Size

298KB
MD5

135b1191a955b924d07f53c5ce2a31ad
SHA1

8eeec6db1304062d8d5675af423187168306869c
SHA256

5cdce2d6eec92ebff2c1158db97c2f7771c672ece0959c964331addb2de01194
SHA512

89b33aaeba35d38fdfc59be64a6c998e4079ce6251d52cd460872301c1fec5d0b12f788a2b23cc6013a83c0a89a2ae5b7fc8056645563ae93bd6fee3ef67afd7
SSDEEP

6144:W6QcDGsSQMsYHDQAnwOYS2BiVqx394VpMolap/jyH6/:HrGscxHDQNtSHC9WDg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
135b1191a955b924d07f53c5ce2a31ad

Files

135b1191a955b924d07f53c5ce2a31ad
.exe windows:4 windows x86 arch:x86

9b7fdaff652ec0eaf6eb6e53335d8e58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameW
OutputDebugStringW
TlsFree
GetSystemTimeAsFileTime
HeapSize
FindFirstFileW
TlsSetValue
SetThreadAffinityMask
CloseHandle
HeapAlloc
ResumeThread
ResetEvent
IsProcessorFeaturePresent
WriteProcessMemory
RegisterWaitForSingleObject
VirtualAllocEx
SetFilePointer
OpenFileMappingW
CreateThread
EnterCriticalSection
WaitForMultipleObjects
GetModuleHandleA
TlsAlloc
HeapDestroy
GetThreadContext
GetProcessAffinityMask
UnhandledExceptionFilter
LeaveCriticalSection
lstrcmpiW
CreateFileW
DuplicateHandle
FindClose
LockResource
SwitchToThread
FormatMessageW
UnmapViewOfFile
SizeofResource
GetTempPathW
OpenThread
UnregisterWaitEx
LoadLibraryExW
LoadResource
GetModuleHandleW
HeapReAlloc
TlsGetValue
DeleteFileW
GetThreadPriority
WideCharToMultiByte
WaitForSingleObject
FormatMessageA
GetCurrentThreadId
FreeEnvironmentStringsW
lstrlenW
OpenProcess
FindResourceExW
GlobalLock
ReadFile
SetUnhandledExceptionFilter
CreateProcessW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetProcessHeap
RaiseException
SetLastError
LocalFree
GetSystemInfo
DeleteCriticalSection
FreeLibrary
SetEnvironmentVariableW
SuspendThread
FindResourceW
CreateEventW
LCMapStringW
LocalAlloc
HeapFree
MapViewOfFile
GetThreadLocale
ExpandEnvironmentStringsW
GlobalUnlock
GlobalAlloc
GetFileInformationByHandle

oleaut32

VariantClear
SysStringByteLen
VarUI4FromStr
SysStringLen
SysAllocStringByteLen
VarBstrCmp
VarBstrCat
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid
CoUninitialize
StringFromCLSID
CoLockObjectExternal
CreateStreamOnHGlobal
CLSIDFromString
CoInitializeEx
CoTaskMemFree
CoCreateInstance

shell32

SHGetFolderPathW

advapi32

SetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegCreateKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
OpenProcessToken
PrivilegeCheck
RegEnumKeyExW
RegDeleteValueW
AddAccessAllowedAce
RegCloseKey
SetSecurityDescriptorOwner
DuplicateToken
RegOpenKeyExW
InitializeSecurityDescriptor
InitializeAcl
RegDeleteKeyW
RegSetValueExW
AllocateAndInitializeSid
LookupPrivilegeValueW
FreeSid
SetSecurityDescriptorGroup
RegQueryValueExW
GetLengthSid
AccessCheck
AdjustTokenPrivileges
RegQueryValueExA
RegConnectRegistryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

PeekMessageW
CharNextW
LoadStringW
PostThreadMessageW
TranslateMessage
CharUpperBuffW
DispatchMessageW
GetMessageW
UpdateWindow

comctl32

CreateStatusWindow
ImageList_EndDrag
ImageList_DragEnter
DestroyPropertySheetPage
ImageList_LoadImage
ImageList_DragShowNolock
InitMUILanguage
DrawStatusTextA
LBItemFromPt

msrle32

DriverProc

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 142KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b7fdaff652ec0eaf6eb6e53335d8e58

Headers

File Characteristics

Imports

kernel32

oleaut32

ole32

shell32

advapi32

version

user32

comctl32

msrle32

Sections

.text Size: 14KB - Virtual size: 13KB

.bss Size: 74KB - Virtual size: 1012KB

.reloc Size: 142KB - Virtual size: 418KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 48KB - Virtual size: 708KB

.rsrc Size: 14KB - Virtual size: 19KB

.text
Size: 14KB - Virtual size: 13KB

.bss
Size: 74KB - Virtual size: 1012KB

.reloc
Size: 142KB - Virtual size: 418KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 48KB - Virtual size: 708KB

.rsrc
Size: 14KB - Virtual size: 19KB