161755f40339888b5645a0d43c957ee9

Sharing

Copy URL

Twitter E-mail

General

Target

161755f40339888b5645a0d43c957ee9
Size

280KB
MD5

161755f40339888b5645a0d43c957ee9
SHA1

72747ed6a7d90a3c9b45c9bcb7617843a2145b2b
SHA256

e2c980bf5c78a64192a85d9223575018cffb16a2a371c1ab72e8b966026ed28b
SHA512

1a4e00394908558f173a19a6f2c3020aaa4eeff8032db030ea83148838b05f7430bf7066ab9bd935af34a0455cca9562ec9e379e027b67c1d6b2ff0bcb433cdc
SSDEEP

6144:XT8YkT9xI3wRBtbwfoQ869xPO73p30YJP+FAIxm8bG:X4YkZxI3wbwfoJX6YJ3Ixm86

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
161755f40339888b5645a0d43c957ee9

Files

161755f40339888b5645a0d43c957ee9
.exe windows:4 windows x86 arch:x86

c2379ebe46890636b2633edd5d05d52c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommModemStatus
SetProcessShutdownParameters
GlobalUnlock
SetEndOfFile
VirtualAlloc
SetStdHandle
GetSystemInfo
_hread
WriteConsoleOutputCharacterA
GetCommState
ReleaseSemaphore
WriteConsoleOutputW
VirtualFree
ExitProcess
ReadConsoleA
LoadLibraryExA
EnumSystemCodePagesW
GetCurrentDirectoryW
GlobalAddAtomW
GetOEMCP
GetConsoleMode
GetLongPathNameA
ReleaseMutex
WriteFile
RemoveDirectoryA
FlushFileBuffers
GetTimeZoneInformation
_lopen
FillConsoleOutputCharacterA
EnumResourceLanguagesW
IsDBCSLeadByteEx
GetProfileIntA
SetCommTimeouts

user32

MapVirtualKeyW
SetProcessDefaultLayout
DestroyMenu
CharLowerA
RegisterWindowMessageW
ChangeClipboardChain
GetKeyNameTextA
SetWindowsHookExA
SetKeyboardState
SetPropW
DefFrameProcA
GetWindowLongW
GetUpdateRect
SetWindowPlacement
LoadImageW
GetMenuItemID
ToAscii
UnhookWinEvent
SetWindowContextHelpId
GrayStringA
wsprintfW
CopyRect
CharToOemA
TranslateAcceleratorA
ShowWindow
LoadIconA
EnumDisplaySettingsW
DispatchMessageW
DefMDIChildProcW
MoveWindow

gdi32

SetRectRgn
GetBkColor
GetPolyFillMode
RestoreDC
SetDIBitsToDevice
GetTextCharset
CreatePen
LineTo
GetObjectW
ChoosePixelFormat

comdlg32

PageSetupDlgA
ReplaceTextW
CommDlgExtendedError
ChooseFontA

advapi32

RegOpenKeyExA
GetExplicitEntriesFromAclW
CryptSetHashParam
RegOpenKeyExW
SetSecurityDescriptorDacl
RegSaveKeyW
RegEnumValueA
CryptReleaseContext
GetUserNameW
LookupPrivilegeValueA
InitiateSystemShutdownA
GetSecurityInfo
SetEntriesInAclW

shell32

SHChangeNotify
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoQueryProxyBlanket
OleCreateMenuDescriptor
PropVariantCopy
ReadClassStm
OleCreateLink
CoImpersonateClient
OleRegGetUserType

oleaut32

SysFreeString
SetErrorInfo
SafeArrayUnaccessData
VariantCopy
LoadTypeLibEx
SafeArrayRedim
SafeArrayCreate
SysAllocStringLen
SafeArrayGetElement
QueryPathOfRegTypeLi

shlwapi

PathCanonicalizeA
StrTrimW
PathCompactPathExW

Sections

.text
Size: 2KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2379ebe46890636b2633edd5d05d52c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 2KB - Virtual size: 219KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 219KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 17KB - Virtual size: 16KB