44a8619c2f50c0715b6bed5d6b6f37db

Sharing

Copy URL Twitter E-mail

General

Target

44a8619c2f50c0715b6bed5d6b6f37db
Size

287KB
MD5

44a8619c2f50c0715b6bed5d6b6f37db
SHA1

a235afd3bc01df8ad9bf1a9088094f32d7f99ec2
SHA256

e306670d78f8e421140871fe04e4d8ec1bf481346fa6b82cf41eda53009a9017
SHA512

c6e749d4bf8379ddadfbdeca8f58245b17a3953124a9b179f469d152e9f537912ef79ed92d6b17a601715d5c0c2ddcfbe2d2aaa6f32b95cf9f0f64eecf63de75
SSDEEP

6144:bDS1VzfeWVo9TYfUkHKeUIRVrepE/XGqgRRtjFx18dAXh6L8F+:HS/eWVsTY9TUuKevGqoRjx18dS6wF+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44a8619c2f50c0715b6bed5d6b6f37db

Files

44a8619c2f50c0715b6bed5d6b6f37db
.exe windows:5 windows x86 arch:x86

4cf2778e3b86c32c3ff102899c3ffc61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
gmtime
vfwprintf
putchar
setlocale
ctime
memset
malloc
wcsrchr
exit
strcspn
wcscspn
strtok
strncpy

crypt32

CertCloseStore
CryptHashPublicKeyInfo
CertFindCertificateInStore
CryptProtectData
CertFreeCertificateContext
CertOpenStore

comdlg32

GetOpenFileNameA
GetSaveFileNameA
PrintDlgW
FindTextW
GetFileTitleW
GetSaveFileNameW
ReplaceTextW
PageSetupDlgW
ChooseFontW
ChooseColorW
CommDlgExtendedError

user32

CreateAcceleratorTableA
IsWindow
SetCursorPos
GetMenu
InflateRect
DrawFocusRect
GetUpdateRect
SwapMouseButton
DialogBoxParamW
LoadBitmapW
SetMenuItemBitmaps
DestroyCursor
GetKeyState
DestroyAcceleratorTable
SetCursor
GetWindowLongA
CreatePopupMenu
CharUpperBuffA
RemoveMenu
GetPropW
EnableMenuItem
ModifyMenuA
RedrawWindow
InsertMenuW
LoadStringW
EnumThreadWindows
SwitchToThisWindow

gdi32

DeleteDC
GetTextExtentPoint32W
CreateCompatibleDC
CreateFontW
GetFontData
GetTextCharsetInfo
GetBkMode
StretchBlt
EnumFontFamiliesExW
OffsetViewportOrgEx
CreateSolidBrush
EnumFontsW
GetObjectA
CreateDiscardableBitmap
UpdateColors
PolyBezier
DescribePixelFormat
GetMetaFileA

kernel32

MultiByteToWideChar
CreateSemaphoreW
LocalAlloc
GetSystemInfo
LoadLibraryExA
CreateWaitableTimerW
CreateMutexA
FileTimeToDosDateTime
GetCPInfoExA
LocalSize
HeapUnlock
SetCommBreak
LocalFree
GetShortPathNameW
LoadLibraryA
GetCurrentDirectoryA
GetLocaleInfoA
HeapAlloc
SetEndOfFile
GetPrivateProfileIntA
WaitForSingleObject
WaitForSingleObjectEx
GetProcessHeap
FindResourceA
HeapDestroy
GetTickCount
EnumResourceTypesA
RemoveDirectoryA

winspool.drv

DeviceCapabilitiesA

Exports

Exports

_FeDs_lua_vn@8
_VlC_SilEN_Mgss@12
_Format_SysMessages@8
_ReCalc_Used_Data@12
_KhH_uOccd_i@8
_IDWt_iiy_wapo@8

Sections

.code
Size: 512B - Virtual size: 283KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cf2778e3b86c32c3ff102899c3ffc61

Headers

File Characteristics

Imports

msvcrt

crypt32

comdlg32

user32

gdi32

kernel32

winspool.drv

Exports

Exports

Sections

.code Size: 512B - Virtual size: 283KB

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 250KB - Virtual size: 250KB

.reloc Size: 1024B - Virtual size: 680B

.code
Size: 512B - Virtual size: 283KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 250KB - Virtual size: 250KB

.reloc
Size: 1024B - Virtual size: 680B