438b80d0657d89b46edbfadc7da198ab

Sharing

Copy URL Twitter E-mail

General

Target

438b80d0657d89b46edbfadc7da198ab
Size

1.1MB
MD5

438b80d0657d89b46edbfadc7da198ab
SHA1

28eafc8e72c4797ec0178960723d1dc43bfdabf3
SHA256

ec535af2fcb3293b3cda396207750f4d2ec85e23fea4765aafb18501d94d88b2
SHA512

3c68b2a04ef83cf4d68c52a3e262af472c2eb520fd4a75980b1dbb26a6a04d20b10b417e6ecff47b944de1b57cb39a6dad3ac999ad453d8499c0f4c44b73c101
SSDEEP

24576:JWGcieU12I45Omf1r/RPd9X6gMAQFT0s8PQ88h/yg:JWGWU12IkOmfFZvNxQFoxPDe/y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
438b80d0657d89b46edbfadc7da198ab

Files

438b80d0657d89b46edbfadc7da198ab
.exe windows:4 windows x86 arch:x86

3a949401b81c29f154978ebe36353f41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyA
RegOpenKeyExA
RegQueryInfoKeyW
RegOpenKeyA
RegOpenKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyA
RegLoadKeyA
RegDeleteValueW
RegReplaceKeyW
RegQueryValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegFlushKey
RegQueryInfoKeyA
RegCreateKeyExW
RegReplaceKeyW
RegQueryValueExA
RegEnumValueA
RegGetKeySecurity
RegQueryValueW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyW
RegReplaceKeyA

user32

GetDlgItem
AppendMenuA
CopyIcon
CreateIcon
CopyRect
DialogBoxParamW
BlockInput
GetDC
IsWindow
GetWindowTextA
GetMenu
CopyImage
CloseWindow
LoadMenuA
DrawTextA
CalcMenuBar
LoadCursorA
DrawIconEx
DrawIconEx
CopyRect
GetDlgItem
CloseWindow
AppendMenuA
GetMenu
DrawTextW
BlockInput
InsertMenuA
CopyImage
IsMenu
DrawTextA
DialogBoxParamA
DialogBoxParamW
GetFocus

kernel32

ReadConsoleA
GetComputerNameA
GetStdHandle
ExitThread
CreateDirectoryA
DeleteAtom
CopyFileExW
ReadFile
FindFirstFileA
GlobalFree
DeleteFileA
GetFileTime
OpenFileMappingA
OpenFile
Sleep
FindAtomA
GetComputerNameA
GetFileTime
GetLastError
OpenFileMappingA
GetCPInfo
Sleep
ReadFile
DeleteFileW
CreateProcessA
GlobalFree
GetStdHandle
GetConsoleMode
CopyFileExA
SetLastError
GetFileSize
ExitThread
CreateDirectoryA
FindFirstFileA

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qjdata
Size: 940KB - Virtual size: 939KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a949401b81c29f154978ebe36353f41

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.qjdata Size: 940KB - Virtual size: 939KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 2KB

.edata Size: 4KB - Virtual size: 1.6MB

.text
Size: 132KB - Virtual size: 131KB

.qjdata
Size: 940KB - Virtual size: 939KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 1.6MB