197fef5cae1bfad1fe98596d09ff34e9

Sharing

Copy URL

Twitter E-mail

General

Target

197fef5cae1bfad1fe98596d09ff34e9
Size

149KB
MD5

197fef5cae1bfad1fe98596d09ff34e9
SHA1

43228da1ade78c45eff08e10e93e6dc01b71e55d
SHA256

f01a31ae405d22bc42f44b07466a6954d451a62de9c816a41d3cdc5a92909911
SHA512

e06cfd896ea2adccc682c357ff1f7e91bb60827796e8e5163aff0431f939b22aa096fcffd29808aadf8b7debe4e13c0f38861f8e9c431f5beacd3bab40ccdd4b
SSDEEP

3072:KG8LoYz0kRnqvyj7o3bsYsJ/2mt0Bmf1gJtmGe/8Azd57h3N+i8PldENHWLo:KHLoK8yj7KYYYOmqBmf1gJtmGeEAx3jz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
197fef5cae1bfad1fe98596d09ff34e9

Files

197fef5cae1bfad1fe98596d09ff34e9
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

e304c8033acfe4f362d9dabab5dcfcba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
CompareStringA
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateMutexA
CreateProcessA
DeleteCriticalSection
EnumCalendarInfoA
ExitThread
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetConsoleOutputCP
GetCurrentDirectoryA
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesW
GetFileSize
GetFileTime
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcessHeap
GetShortPathNameA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetSystemDefaultLCID
GetSystemInfo
GetTempFileNameA
GetTickCount
GetUserDefaultLCID
GetVersion
GlobalAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapSize
InterlockedExchange
InterlockedIncrement
IsBadWritePtr
IsValidCodePage
LCMapStringW
LoadLibraryA
LoadLibraryExW
LocalFileTimeToFileTime
MapViewOfFile
MoveFileA
OpenProcess
OutputDebugStringA
ReadFile
ReleaseMutex
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetHandleCount
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
WaitForMultipleObjects
lstrcatA
lstrcmpA
lstrcmpiW
lstrlenA

user32

BeginPaint
CallNextHookEx
CloseClipboard
CreateMenu
DefWindowProcA
DestroyCursor
DispatchMessageA
DrawFrameControl
DrawMenuBar
EnableWindow
FillRect
GetActiveWindow
GetClassInfoA
GetClassNameA
GetIconInfo
GetKeyState
GetKeyboardType
GetMenuItemCount
GetMenuStringA
GetMessagePos
GetParent
GetScrollPos
GetSubMenu
GetSystemMenu
GetTopWindow
GetWindow
GetWindowDC
GetWindowTextA
InflateRect
IsRectEmpty
IsWindow
IsWindowVisible
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OffsetRect
OpenClipboard
PostQuitMessage
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetRect
SetScrollPos
SetWindowLongA
SetWindowPos
ShowOwnedPopups
SystemParametersInfoA
UnregisterClassA
UpdateWindow
WaitMessage

gdi32

AbortDoc
AddFontResourceA
CloseMetaFile
CopyMetaFileA
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateEnhMetaFileA
CreateFontIndirectW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateMetaFileW
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
DeleteMetaFile
DeleteObject
EndDoc
EnumFontFamiliesA
EnumFontFamiliesW
EnumMetaFile
ExtEscape
ExtFloodFill
FillRgn
FrameRgn
GetBitmapBits
GetBkColor
GetCharWidthW
GetCharacterPlacementA
GetCurrentObject
GetDCOrgEx
GetEnhMetaFileBits
GetMapMode
GetObjectA
GetOutlineTextMetricsA
GetPaletteEntries
GetRgnBox
GetStretchBltMode
GetTextAlign
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPointW
GetTextFaceA
GetViewportOrgEx
GetWinMetaFileBits
IntersectClipRect
LPtoDP
PlayMetaFileRecord
PolyBezierTo
Polygon
PolylineTo
PtInRegion
PtVisible
RealizePalette
RectVisible
ScaleViewportExtEx
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBitsToDevice
SetEnhMetaFileBits
SetMapMode
SetMapperFlags
SetPixel
SetPolyFillMode
SetRectRgn
SetTextAlign
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
SetWorldTransform
StartDocA
StartDocW
TextOutA
TranslateCharsetInfo

shell32

DoEnvironmentSubstW
DragAcceptFiles
DragQueryFile
DragQueryFileA
DragQueryFileW
ExtractIconExA
ExtractIconExW
SHBrowseForFolder
SHBrowseForFolderW
SHChangeNotify
SHFileOperationA
SHFileOperationW
SHGetDesktopFolder
SHGetDiskFreeSpaceExW
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSettings
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteA
ShellExecuteEx
ShellExecuteExW
Shell_NotifyIconW

comctl32

CreateStatusWindowA
CreateToolbarEx
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Destroy
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControls
InitCommonControlsEx
InitializeFlatSB
PropertySheetA

advapi32

AddAccessAllowedAce
AdjustTokenPrivileges
CheckTokenMembership
ControlService
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
CryptCreateHash
CryptDestroyHash
CryptHashData
CryptReleaseContext
EqualSid
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
GetUserNameA
InitiateSystemShutdownA
IsValidSid
LookupPrivilegeValueA
LookupPrivilegeValueW
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyA
RegEnumKeyExW
RegEnumKeyW
RegEnumValueA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RevertToSelf
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e304c8033acfe4f362d9dabab5dcfcba

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

advapi32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 86KB - Virtual size: 86KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 16KB - Virtual size: 16KB