Static task
static1
Behavioral task
behavioral1
Sample
04deeabfd8ff242ac20e4946be514beb.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
04deeabfd8ff242ac20e4946be514beb.exe
Resource
win10v2004-20231222-en
General
Target
04deeabfd8ff242ac20e4946be514beb
Size
81KB
MD5
04deeabfd8ff242ac20e4946be514beb
SHA1
3ee0649df9715b059163fbe035acde32a2638d7a
SHA256
4a4c8cc4d5fd5b6cb907c8567d427ad6b2ff7e4efdd1261190a065bd5ac11c01
SHA512
774f7dc39eaf9ad91dc39b6cfd25a220ac2786039a4b20759a0274887208890f0cc1c3a099219e3319273801d0e401489300f08238185a7c28e55f6df33ab178
SSDEEP
1536:1QiLN2VPvbWl5vFDckjYQ6Rt4MhZ7/BNiIBpboSZ55dIv9hWPDs+JjEgom:1QkUVnbWl5vFwNnROMhZ75N3pbFZ55m2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04deeabfd8ff242ac20e4946be514beb
Files
04deeabfd8ff242ac20e4946be514beb.exe windows:5 windows x86 arch:x86
e276dd79d5c16e0fcc2053ccf6ab1f2c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetSubMenu
SetWindowTextA
FrameRect
EnableMenuItem
SetWindowPos
GetMessageA
GetSysColorBrush
EnumWindows
PostQuitMessage
GetScrollPos
GetSysColor
EqualRect
UnhookWindowsHookEx
kernel32
GetThreadLocale
GetTempPathA
GetStartupInfoA
GetACP
InterlockedExchange
GetSystemTime
GetCurrentProcessId
GetFileAttributesA
FileTimeToSystemTime
GetOEMCP
VirtualAllocEx
QueryPerformanceCounter
GetTickCount
RtlUnwind
SetUnhandledExceptionFilter
GetTimeZoneInformation
ExitProcess
gdi32
GetMapMode
CreateCompatibleBitmap
CopyEnhMetaFileA
SelectClipPath
SetViewportExtEx
DPtoLP
CreateICW
FillRgn
ExcludeClipRect
ole32
OleRun
CoTaskMemRealloc
DoDragDrop
CoRevokeClassObject
CoCreateInstance
CoInitializeSecurity
CoInitialize
StgOpenStorage
StringFromGUID2
advapi32
AdjustTokenPrivileges
GetSecurityDescriptorDacl
CheckTokenMembership
CryptHashData
FreeSid
QueryServiceStatus
RegCreateKeyA
GetUserNameA
RegCreateKeyExW
RegQueryValueExW
msvcrt
strcspn
puts
_flsbuf
_mbscmp
signal
__initenv
strlen
raise
_lock
_strdup
fflush
strncpy
__getmainargs
__setusermatherr
fprintf
_fdopen
iswspace
_CIpow
comctl32
ImageList_DragEnter
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_GetBkColor
ImageList_GetIcon
ImageList_SetIconSize
ImageList_LoadImageW
ImageList_Write
InitCommonControls
CreatePropertySheetPageA
ImageList_DrawEx
ImageList_Destroy
ImageList_LoadImageA
shell32
SHBrowseForFolderA
ExtractIconW
DoEnvironmentSubstW
DragQueryFileA
CommandLineToArgvW
ExtractIconExW
DragAcceptFiles
ShellExecuteW
SHGetPathFromIDList
DragQueryFileW
ShellExecuteEx
oleaut32
SafeArrayUnaccessData
SysReAllocStringLen
VariantCopy
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayGetUBound
SafeArrayRedim
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ypmwsph Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE