0aa76d5e39198cc6a032a02a29dd6a79

Sharing

Copy URL Twitter E-mail

General

Target

0aa76d5e39198cc6a032a02a29dd6a79
Size

286KB
MD5

0aa76d5e39198cc6a032a02a29dd6a79
SHA1

c95506f8bd605b1ec28f3d99c5a9be172784cef0
SHA256

73fb6fa239a16bce628dec76b69895f090fafc51c896afce10e0bfe885b2a481
SHA512

3c55bfcbf97509c9f172cbfdc875845b34f9b4b3bbc93c10421bd18b9f94d8633933c4de8859fb2b5bc17c180ff9892d97f3271b6439494cf28cb68a4d3a1ad6
SSDEEP

6144:mVyNe+jekQELgYeHnmEiOkPYC7cpDp6MySH:LeoGEl3EimCuMM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0aa76d5e39198cc6a032a02a29dd6a79

Files

0aa76d5e39198cc6a032a02a29dd6a79
.exe windows:4 windows x86 arch:x86

ca8229784fd74ea39d33275f3978e8eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PageSetupDlgW
ChooseColorW
PrintDlgW
GetOpenFileNameA
ReplaceTextA
PrintDlgA
ChooseFontW
PageSetupDlgA

advapi32

CryptGetDefaultProviderA
StartServiceA
GetUserNameA
RegEnumValueA
LookupAccountNameA
CryptImportKey
RegDeleteKeyW
CryptHashSessionKey
StartServiceW
RegQueryMultipleValuesA
LookupPrivilegeDisplayNameW
LogonUserA
CryptEnumProviderTypesA
AbortSystemShutdownA
CryptCreateHash
RegLoadKeyW
GetUserNameW
CryptSetProvParam
RegEnumKeyExW

wininet

InternetGetCookieW

user32

CreateWindowStationA
UnionRect
InsertMenuA
SendNotifyMessageW
InflateRect
IsMenu
GetProcessWindowStation
GetMessageA
SetForegroundWindow
SwapMouseButton
GetWindowLongW
DdeQueryStringW
CreateAcceleratorTableA
DefFrameProcW
DdeDisconnect
DdeClientTransaction
SetProcessWindowStation
wvsprintfW
GetTabbedTextExtentA
DestroyCursor
GetWindowDC
ChangeDisplaySettingsExW
DrawMenuBar
SetMenuDefaultItem

kernel32

GetOEMCP
FreeEnvironmentStringsW
TlsSetValue
VirtualAlloc
HeapDestroy
InterlockedExchange
VirtualFree
GetModuleFileNameA
GetCurrentThreadId
CompareStringW
GetCPInfo
GetUserDefaultLCID
GetProcAddress
TlsGetValue
GetCommandLineW
CompareStringA
GetStartupInfoW
GetLastError
IsValidCodePage
SetUnhandledExceptionFilter
GetTimeZoneInformation
HeapSize
HeapAlloc
lstrlenW
lstrcatA
GetTimeFormatA
LCMapStringW
TlsFree
GetDateFormatA
SetLastError
InterlockedIncrement
DeleteCriticalSection
EnumSystemLocalesA
MultiByteToWideChar
HeapReAlloc
GetStringTypeW
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
GetCurrentProcessId
SetConsoleCtrlHandler
LCMapStringA
GetModuleHandleW
WriteFile
GetSystemTimeAsFileTime
GetModuleFileNameW
IsDebuggerPresent
HeapFree
GetTickCount
GetLocaleInfoW
GetFileType
GetACP
GetStartupInfoA
SetEnvironmentVariableA
ExitProcess
GetCurrentThread
IsValidLocale
UnhandledExceptionFilter
FreeLibrary
TlsAlloc
QueryPerformanceCounter
Sleep
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetHandleCount
LoadLibraryA
WideCharToMultiByte
GetModuleHandleA
UnmapViewOfFile
RtlUnwind
TerminateProcess
HeapCreate
VirtualQuery
InterlockedDecrement
GetStringTypeA
GetCurrentProcess

shell32

ShellExecuteA

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca8229784fd74ea39d33275f3978e8eb

Headers

File Characteristics

Imports

comdlg32

advapi32

wininet

user32

kernel32

shell32

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 138KB - Virtual size: 138KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 138KB - Virtual size: 138KB

.rsrc
Size: 16KB - Virtual size: 16KB