1856139312ef4a4aa899a771be26506b

Sharing

Copy URL

Twitter E-mail

General

Target

1856139312ef4a4aa899a771be26506b
Size

246KB
MD5

1856139312ef4a4aa899a771be26506b
SHA1

3f3407b5da5eaec470694817aefa5e817797588d
SHA256

680de17fc49c1d656fe4d1bb8847b4b5be0282060dd3f937657a0d71b5b3c138
SHA512

ff69d00d57c060e701df1d99b45ea2696c5d98020a826ae3127f8ba2a0b2411826899202a459054438402be56825a13528867933cb4d48d90d0917f823f2d723
SSDEEP

6144:N14b8NW4RD8ZPe6gZGFCoyxeccVSrDPUcnZIpLSbYTzq:N1U8NW4RD8ZvyGFClxUokyZIpVTzq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1856139312ef4a4aa899a771be26506b

Files

1856139312ef4a4aa899a771be26506b
.exe windows:8 windows x86 arch:x86

05554a08e3a6ebea489f08fc40b5e801

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoTaskMemAlloc

kernel32

UnmapViewOfFile
CreateFileW
CreateFileMappingW
GetProcessHeap
WaitForMultipleObjectsEx
VirtualAlloc
CreateEventW
OpenProcess
HeapFree
GetOverlappedResult
SetThreadPriority
CompareStringW
lstrcpyW
GetProcessShutdownParameters
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
QueryPerformanceCounter
GlobalDeleteAtom
FlushInstructionCache
ReadFile
CreateMutexW
CloseHandle
VirtualFree
FreeLibrary
GetLastError
GetCurrentThread
GetCurrentProcess
CancelIo
MulDiv
GetTickCount
GlobalAddAtomW
VerifyVersionInfoW
SetThreadExecutionState
SetProcessShutdownParameters
GetProcAddress
ReleaseMutex
GetTickCount
OpenEventW

hid

HidD_GetProductString
HidP_GetUsageValue
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidD_GetPreparsedData
HidP_MaxUsageListLength
HidD_GetAttributes
HidP_GetUsages

advapi32

RegSetValueExW
RegSetValueW
RegOpenKeyW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegDeleteKeyW
OpenProcessToken
RegCreateKeyExW
OpenThreadToken
RegQueryValueExA
SetSecurityDescriptorGroup
RegCloseKey

msvcrt

wcscmp
_adjust_fdiv
_CxxThrowException
_except_handler3
wcstol
_wfopen
_vsnwprintf
free
wcscpy
fclose
??3@YAXPAX@Z
fputws
_itow
_initterm
_onexit
wcsstr
_ftol
??1type_info@@UAE@XZ
wcslen
__dllonexit
_exit
?terminate@@YAXXZ
_beginthreadex
malloc

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

atl

ord44
ord20
ord57
ord43

gdi32

SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC

user32

GetUserObjectInformationW
MonitorFromPoint
OpenDesktopW
CallNextHookEx
SetThreadDesktop
GetClientRect
GetSysColorBrush
EnumDisplaySettingsW
IsWindow
OpenInputDesktop
GetPropW
UpdateLayeredWindow
RegisterWindowMessageW
SetWindowsHookExW
ReleaseDC
LoadImageW
DestroyWindow
PostMessageW
SystemParametersInfoW
IntersectRect
PostThreadMessageW
ShowWindow
CharNextW
GetDC
SetWindowLongW
GetMessageW
GetWindowLongW
RegisterDeviceNotificationW
ClientToScreen
EnumDisplayMonitors
GetDoubleClickTime
WindowFromPoint
GetSysColor
LoadStringW
CallWindowProcW
DestroyIcon

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05554a08e3a6ebea489f08fc40b5e801

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

hid

advapi32

msvcrt

setupapi

atl

gdi32

user32

Sections

.text Size: 183KB - Virtual size: 183KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 556KB

.text
Size: 183KB - Virtual size: 183KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 556KB