17e332d7cecd9b6554f170d186073d97

Sharing

Copy URL Twitter E-mail

General

Target

17e332d7cecd9b6554f170d186073d97
Size

312KB
MD5

17e332d7cecd9b6554f170d186073d97
SHA1

ebb028a76dee85158263a0fe85b57f0d12eaa043
SHA256

58dbb48fcc96ffe9c2c9baf2d01dbee746132571ca7283822f64199a3addb91e
SHA512

72fda79050bbe8063f4eca504602bae2538cbd0283af2d57f1d35379d6c65e83b3407da6ceda7d9dc7c128b65a2e0252319371f202eb8e6913b69024633df60f
SSDEEP

6144:p/+fo5ocQTlbhQOlS+ismAbrFhJ00K/Mtt3a77TPcQ4w3n:V+fo5WMOU+ismuFtC3TPcQ4w3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e332d7cecd9b6554f170d186073d97

Files

17e332d7cecd9b6554f170d186073d97
.exe windows:5 windows x86 arch:x86

df3578a41879da71867419dc0aa0c3bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
SetEndOfFile
GetStringTypeW
LCMapStringW
WriteConsoleW
HeapSize
ReadFile
HeapReAlloc
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
CreateFileW
CreateProcessA
GetFileAttributesA
CreateFileA
CompareStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GlobalFree
CloseHandle
GetLastError
HeapCreate
Sleep
GlobalAlloc
QueryPerformanceCounter
GetCurrentProcess
FlushFileBuffers
HeapAlloc
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetExitCodeProcess
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
CreatePipe
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
HeapFree
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
SetStdHandle
RtlUnwind
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetEnvironmentVariableA

user32

RegisterClassA
GetScrollPos
DialogBoxParamA
DestroyWindow
GetMessageA
RegisterClassExA
IsIconic
SetCapture
LoadMenuA
LoadIconA
LoadCursorA
GetClientRect
SendMessageA
GetDC
TranslateMessage
ChildWindowFromPoint
CreateWindowExA
ReleaseDC
LoadAcceleratorsA
ShowWindow
DispatchMessageA

gdi32

DeleteDC
CreateFontIndirectA
SelectObject
GetEnhMetaFileW

winspool.drv

EndPagePrinter
ClosePrinter

comdlg32

PrintDlgA

advapi32

AllocateAndInitializeSid
LookupAccountSidA
EqualSid
OpenProcessToken
FreeSid

oleaut32

GetErrorInfo

ws2_32

WSAStartup

mpr

WNetGetUniversalNameA
WNetCloseEnum

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df3578a41879da71867419dc0aa0c3bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

oleaut32

ws2_32

mpr

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 228KB - Virtual size: 236KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 228KB - Virtual size: 236KB

.rsrc
Size: 512B - Virtual size: 436B