01d6aab73897164d39859b728ec0cd9c

Sharing

Copy URL Twitter E-mail

General

Target

01d6aab73897164d39859b728ec0cd9c
Size

104KB
MD5

01d6aab73897164d39859b728ec0cd9c
SHA1

ee9c97b0405459158de7a3c0074bfc94edce67e4
SHA256

45a80e7643265301ab7ece2a4b882214699db7651d582c43e07b3834bb636214
SHA512

6f09a38f6e401f525804b6f58dfd2cd78833d2f255c037f655b2a106e9916f2d982916c6125cc399ac606b425047d42cd3c21c607d86ad9efa9c98ac135e63f2
SSDEEP

1536:K2Idm8ppe5iDglefHCgzF3uqW3rWcnmk+lZmQl+NepqSfT7K9KhFMnIeBuQgJp6+:Um8Xew0IHnkV9+K0qqK4FMn5n9Nghd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01d6aab73897164d39859b728ec0cd9c

Files

01d6aab73897164d39859b728ec0cd9c
.exe windows:5 windows x86 arch:x86

80bcdccc2372ba1bbe1a913d5b107acd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
free
fprintf
__getmainargs
_exit
strncmp
_except_handler3
_initterm
fclose
sprintf
exit
fputs
__p__fmode
fopen
_acmdln
memmove
fread
fputc
_adjust_fdiv
__p__commode
memset
_errno
__set_app_type
calloc

kernel32

ReadFile
SetCurrentDirectoryA
FlushFileBuffers
LoadLibraryExW
WriteFile
SetLastError
MoveFileA
CreateFileMappingA
GetTempPathA
GetUserDefaultLCID
GetStartupInfoA
GetUserDefaultLangID
GlobalLock
GetProcAddress
SetEnvironmentVariableA
GetStringTypeA
GetModuleHandleA
IsDebuggerPresent
VirtualQuery
GetCurrentProcessId
FreeLibrary
FormatMessageA

gdi32

GetCharWidthW
CreateDIBitmap
SetWorldTransform
GetNearestColor

comctl32

InitializeFlatSB
ImageList_Add
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_DragShowNolock
ImageList_SetOverlayImage
ImageList_DrawEx
CreateStatusWindowA
PropertySheetA
ImageList_Destroy

user32

GetSysColorBrush
GetScrollInfo
LoadCursorA
IsDialogMessageA
GetDesktopWindow
DrawIcon
DrawTextA
InsertMenuA
GetDlgItem
WindowFromPoint
DestroyIcon
IsChild

oleaut32

SysStringByteLen
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayRedim
LoadTypeLib
SafeArrayUnaccessData
VariantClear

advapi32

RegEnumKeyW
OpenServiceW
EqualSid
RegOpenKeyW
RegQueryValueA
DeregisterEventSource
RevertToSelf
CheckTokenMembership
CryptCreateHash
QueryServiceStatus
SetSecurityDescriptorGroup
RegDeleteKeyW
RegDeleteValueA
RegEnumKeyExA
RegQueryValueExA

ole32

ReleaseStgMedium
DoDragDrop
CoGetMalloc
CoRegisterClassObject
OleUninitialize
CoSetProxyBlanket
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoDisconnectObject
RegisterDragDrop
IsEqualGUID
CoInitializeEx
ProgIDFromCLSID

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80bcdccc2372ba1bbe1a913d5b107acd

Headers

File Characteristics

Imports

msvcrt

kernel32

gdi32

comctl32

user32

oleaut32

advapi32

ole32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 26KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 16KB