004605f8599da38a89fc592acb6128ee

Sharing

Copy URL

Twitter E-mail

General

Target

004605f8599da38a89fc592acb6128ee
Size

111KB
MD5

004605f8599da38a89fc592acb6128ee
SHA1

bde853c5fdb3e60413adcae66bb0f245e9bec52e
SHA256

607a41c8788eb9230af69113b84ce11445b805b033f04f4d74584263cc7c794f
SHA512

55db5f0bee1bac2b97908dbfe7f6cad96a89caf444a05ce5b2c70bd79d03d5cc7219c0b2718aebbd63495aee98ec3ad752479c812b9ccc023ae08b473c83d8a2
SSDEEP

3072:qfEVMIUJeyeg6bwI/1Te0gyZcumbKFtwvINR:qfEmZ7e5bf/9e0gkcumbKXwvI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
004605f8599da38a89fc592acb6128ee

Files

004605f8599da38a89fc592acb6128ee
.exe windows:5 windows x86 arch:x86

d89a4ec5d1d98c944d202a0e95bbe3fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fseek
__p__commode
strcpy
__setusermatherr
exit
_exit
wcslen
_XcptFilter
strlen
_acmdln
malloc
_snprintf
strrchr
strncpy
remove
fclose
_onexit
strstr
_initterm
printf
__getmainargs
__p__fmode
strchr
fwrite
free
strcmp
_adjust_fdiv
fread
__set_app_type
memcpy
fopen
fprintf
_except_handler3

kernel32

GetCurrentProcess
WritePrivateProfileStringA
InterlockedDecrement
WaitForSingleObject
GetProcAddress
IsDBCSLeadByte
GetSystemInfo
GetFileType
LocalFileTimeToFileTime
VirtualProtect
SetHandleCount
lstrcpyA
GetModuleHandleW
VirtualFree
LoadLibraryA

gdi32

CreateFontW
SetWindowExtEx
SetDIBitsToDevice
SetMetaFileBitsEx
GetEnhMetaFilePaletteEntries
BitBlt
GetMetaFileBitsEx
OffsetRgn
DeleteEnhMetaFile
SetMapperFlags
GetCharWidthW
Polyline

advapi32

RegSetValueExA
InitiateSystemShutdownA
CryptAcquireContextA
RegEnumValueW
QueryServiceStatus
ControlService
RegDeleteValueA

oleaut32

LoadTypeLib
VariantClear
SafeArrayPtrOfIndex
SysStringLen
SysStringByteLen
SysReAllocStringLen
VariantCopy

shell32

SHGetPathFromIDListA
SHBindToParent
DragQueryFileA
SHGetPathFromIDList
SHBrowseForFolderA
SHGetDiskFreeSpaceExW
ExtractAssociatedIconW
SHBrowseForFolderW
DragFinish

user32

PeekMessageA
LoadIconA
GetPropA
CheckMenuItem
GetScrollRange
IsWindowVisible
UpdateWindow
CallNextHookEx
SetScrollPos
OpenClipboard

ole32

CLSIDFromProgID
CoGetInterfaceAndReleaseStream
StgCreateDocfileOnILockBytes
CLSIDFromString
OleSetMenuDescriptor
CreateBindCtx
CoRegisterClassObject
CreateILockBytesOnHGlobal
OleUninitialize
CoUninitialize
CoDisconnectObject

comctl32

ImageList_GetImageCount
ImageList_Replace
InitCommonControls
CreatePropertySheetPageA
PropertySheetA
ImageList_LoadImageW
ImageList_GetImageInfo
ImageList_GetIcon

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d89a4ec5d1d98c944d202a0e95bbe3fc

Headers

File Characteristics

Imports

msvcrt

kernel32

gdi32

advapi32

oleaut32

shell32

user32

ole32

comctl32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 43KB - Virtual size: 60KB

.rsrc Size: 61KB - Virtual size: 60KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 43KB - Virtual size: 60KB

.rsrc
Size: 61KB - Virtual size: 60KB