03c5fe98a18d6297dd0782bf2020c6c7

Sharing

Copy URL Twitter E-mail

General

Target

03c5fe98a18d6297dd0782bf2020c6c7
Size

153KB
MD5

03c5fe98a18d6297dd0782bf2020c6c7
SHA1

8044c04e8fafeecf6612a8be90868f5243a9d55b
SHA256

6ae3f6d838069adec5627357fbeb809682855d08e5fa0b2b953f10fa515528bf
SHA512

0c4d021669b9c24cb8c6a91279c9f545df415ecd9f0b0326d3b6df7102078149fd1679d9f63dc005580eb208b2b3ab3734d6a957ab1fc76e3ef9f42e01ea5e66
SSDEEP

3072:qMjkAiOlE+F5khXMNM7I9htVWb2njOQ+4RM7uJPNU:oeqTWVW3R4RMkPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03c5fe98a18d6297dd0782bf2020c6c7

Files

03c5fe98a18d6297dd0782bf2020c6c7
.exe windows:5 windows x86 arch:x86

ddf1d1291cac1cde91c6a5a1224d40b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetUserDefaultLangID
VirtualProtect
GetStartupInfoA
GetOEMCP
GlobalHandle
GetModuleHandleA

msvcrt

__getmainargs
__p__commode
_except_handler3
memset
_itoa
_umask
__setusermatherr
log
iswdigit
srand
_open_osfhandle
_fstat
_utime
__set_app_type
_initterm
exit
__p__fmode
_acmdln
wcsrchr
_XcptFilter
_adjust_fdiv

user32

EndDialog
SetWindowTextA
GetCursorPos
IsDialogMessageA
GetDC
DeleteMenu
ScrollWindow

comctl32

ImageList_EndDrag
CreateToolbarEx
ImageList_SetIconSize
ImageList_SetBkColor
ImageList_Write
DestroyPropertySheetPage
CreateStatusWindowA
ImageList_LoadImageW
ImageList_GetImageInfo
PropertySheetW

version

VerQueryValueA
VerInstallFileA
GetFileVersionInfoW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeW

ole32

StringFromCLSID
CoRegisterMessageFilter
OleFlushClipboard
OleSetClipboard
CoTaskMemRealloc
DoDragDrop
OleInitialize

shell32

DragAcceptFiles
SHGetPathFromIDListA
ShellExecuteEx
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetDesktopFolder
DragQueryFile
ExtractAssociatedIconW
CommandLineToArgvW
SHGetFileInfo
DragQueryFileA

advapi32

QueryServiceStatus
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyHash
InitiateSystemShutdownA
RevertToSelf
RegDeleteValueA
GetSecurityDescriptorDacl
RegEnumValueA
IsValidSid
InitializeSecurityDescriptor

oleaut32

VariantCopy
SafeArrayUnaccessData
SysFreeString
GetActiveObject

gdi32

GetViewportOrgEx
EndPage
CreateFontIndirectA
CreatePen
EnumEnhMetaFile
Polyline

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ddf1d1291cac1cde91c6a5a1224d40b0

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

comctl32

version

ole32

shell32

advapi32

oleaut32

gdi32

Sections

.text Size: 62KB - Virtual size: 62KB

.data Size: 49KB - Virtual size: 48KB

.rsrc Size: 41KB - Virtual size: 120KB

.text
Size: 62KB - Virtual size: 62KB

.data
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 41KB - Virtual size: 120KB