00752627e0866f2f590aceca6298bab0

General

Target

00752627e0866f2f590aceca6298bab0
Size

118KB
MD5

00752627e0866f2f590aceca6298bab0
SHA1

007da1ca04ff88ecff5548df363b332b4d15c7bc
SHA256

9d71d494c98bcea9b4ded922d3876f8780fa4b927c88a9b781e327a8dadb27a1
SHA512

abcb44d1b9ced1cff0ba025f5722d0447cf34600788d15dcddccf0353991ff15252e6809f8ab36f4ebb321e8bc79203b6f0764516ebf968ebfa4cb47a05adce2
SSDEEP

3072:GvT/DTOjEoaYQGsXbUT1yGmjkMrVtk30e1xREo:oTrTOx1QGMIyy30

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00752627e0866f2f590aceca6298bab0

Files

00752627e0866f2f590aceca6298bab0
.exe windows:5 windows x86 arch:x86

d9bed553942b8971b3f793b0d2a898d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
SetForegroundWindow
UnregisterClassA
OpenClipboard
SetActiveWindow
GetSystemMetrics
DefWindowProcW
PtInRect
GetWindowPlacement
InflateRect
FillRect
CharUpperW

kernel32

InterlockedIncrement
InterlockedDecrement
GetStringTypeW
DuplicateHandle
LeaveCriticalSection
FileTimeToSystemTime
GetDateFormatW
GetCurrentProcess
DeleteCriticalSection
IsBadCodePtr
InitializeCriticalSectionAndSpinCount
GetProcAddress
CloseHandle
LoadLibraryA
Sleep
GetConsoleOutputCP
WriteFile
ReleaseMutex
VirtualAlloc
lstrcpynW
GetCurrentThreadId
MultiByteToWideChar
GetProcessHeap
GlobalLock
GetSystemTimeAsFileTime
SetEvent
LCMapStringW
GetModuleFileNameA
ExpandEnvironmentStringsW
LocalAlloc
HeapFree
TerminateProcess
GlobalHandle
GetConsoleMode
GetLastError
GetVersion
GetACP
QueryPerformanceCounter
lstrlenA
TerminateThread
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
VirtualProtect
CreateFileA
UnmapViewOfFile
SetLastError
GlobalAlloc
GetCurrentProcessId
IsBadWritePtr
GetModuleHandleW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges
RegQueryValueExA

msvcrt

__p__commode
__getmainargs
wcsrchr
memmove
_wtol
_exit
?terminate@@YAXXZ
__set_app_type

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9bed553942b8971b3f793b0d2a898d2

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

msvcrt

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 30KB - Virtual size: 139KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 30KB - Virtual size: 139KB

.rsrc
Size: 3KB - Virtual size: 3KB