1357397d877acf39c39000ecb4613abe

Sharing

Copy URL

Twitter E-mail

General

Target

1357397d877acf39c39000ecb4613abe
Size

292KB
MD5

1357397d877acf39c39000ecb4613abe
SHA1

ea07351c43ea0402ad7d4440c2a09c23bdf664ef
SHA256

7df670518208f5f5f931f93509272b6329ef8b9e7f1fca5023b056f9f3eae182
SHA512

e2cb269d06dc659259e1de7a48865b0276ac2e236f4eb86d577d1e37d57c039357f2821c1bd80dd8e5e84678fe8c86d02ee3f7ca21a121297e48bb317af787b7
SSDEEP

6144:6DHKNSe98Duv6Jaj0yzcfjGdX8XikhhDQrr65DVm3kOA0TME+QnpmHHP9Z/fTC:GKNSDuyJaoyOjGdX8XikhhDQrr65DVmo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1357397d877acf39c39000ecb4613abe

Files

1357397d877acf39c39000ecb4613abe
.exe windows:4 windows x86 arch:x86

997493c9a4d18d804db0d049a1d7ef3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetNamedSecurityInfoW
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW

kernel32

FreeLibrary
SetErrorMode
GetTempPathW
GetTickCount
IsBadReadPtr
SetLastError
lstrcpyW
LoadLibraryExW
LoadLibraryExA
GetStartupInfoA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
GetDriveTypeW
GetDriveTypeA
GetComputerNameA
GetTempPathA
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetFileAttributesW
LocalAlloc
LocalFree
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
CreateEventW
lstrlenW
GetVersionExA
CreateEventA
CreateThread
GlobalSize
WideCharToMultiByte
GetWindowsDirectoryA
GetCurrentProcessId
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetSystemInfo
GetSystemTime
CloseHandle
SetFileAttributesA
CopyFileExW
GetACP
GetShortPathNameA
LoadLibraryW
GetDiskFreeSpaceA
GetWindowsDirectoryW
GetFileAttributesA
GetFileSize
SetFileAttributesW
FindClose
GetLastError
WaitForSingleObject
InterlockedDecrement
MultiByteToWideChar
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
EnterCriticalSection
InterlockedIncrement
DeviceIoControl
ResetEvent
LeaveCriticalSection
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
GetProcAddress
GetCurrentThreadId
SetEvent

wmvcore

WMCreateEditor
WMCreateReaderPriv

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoCreateGuid
CoUninitialize
StringFromGUID2
OleSaveToStream
GetHGlobalFromStream
OleLoadFromStream
CLSIDFromString
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
GetErrorInfo
VariantCopy
SysAllocStringLen
SystemTimeToVariantTime
SysFreeString
VariantInit

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetFolderPathW
SHGetFileInfoA

winmm

mmioAscend
mmioOpenW
mmioOpenA
mmioSeek
mmioDescend
mmioRead
mmioClose

wininet

RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW

avifil32

AVIStreamRelease
AVIFileInit
AVIFileRelease
AVIStreamSampleToTime
AVIFileInfoW
AVIFileGetStream
AVIFileOpenA
AVIFileOpenW
AVIFileInfoA
AVIStreamLength
AVIStreamInfoA
AVIStreamInfoW
AVIStreamReadFormat
AVIFileExit

msvcrt

wcscoll
_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
vswprintf
wcsspn
wcscspn
memcpy
strcpy
strcat
strlen
memset
memcmp
wcsncat
_wtol
iswalpha
_beginthreadex
memmove
towlower
_wcslwr
towupper
_wcsupr
_ui64tow
wcsncmp
_wcsnicmp
wcscmp
wcsrchr
_wcsicmp
strstr
wcscat
wcschr
wcsncpy
wcsstr
_wsplitpath
_wmakepath
wcslen
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
_vsnwprintf
wcspbrk
_ltow
wcstol
_wcsicoll

user32

wvsprintfW
SetWindowLongW
SetWindowLongA
DefWindowProcW
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
FindWindowExW
FindWindowExA
SendMessageA
RegisterWindowMessageW
UnregisterClassW
UnregisterClassA
RegisterClassW
RegisterClassA
PostQuitMessage
GetCursor
SetCursor
RegisterWindowMessageA
CreateWindowExA
CreateWindowExW
DefWindowProcA
DispatchMessageA
DispatchMessageW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
LoadStringA
LoadStringW

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

997493c9a4d18d804db0d049a1d7ef3d

Headers

File Characteristics

Imports

advapi32

kernel32

wmvcore

ole32

oleaut32

shell32

winmm

wininet

avifil32

msvcrt

user32

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 12KB - Virtual size: 20KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 12KB - Virtual size: 20KB