2197c8011436152a5c577554dc55e841

Sharing

Copy URL Twitter E-mail

General

Target

2197c8011436152a5c577554dc55e841
Size

158KB
MD5

2197c8011436152a5c577554dc55e841
SHA1

1c60030d614da71d81c29727ddb2bcf70b1b20e5
SHA256

636a3bd4ffc5e259dd5fe0083207893b419affd9cd1dec6eb2b061699e768e80
SHA512

2175393afe2e5983fd243cc89ec3088e728696a695adc6c66cbc027ae7182139d1eebc019cb23c08de5e8d5c393080e7ed9f5f8a1d2fb5d33cf9c14fabbf5f29
SSDEEP

3072:h3jxPGORgz8idNx8H5N8NdExmcRimNR8MgSLEs+qpje7JpsSlUGCC7LnR:FxP9mz8wnM5N8nE1RPN7WsAFtUsR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2197c8011436152a5c577554dc55e841

Files

2197c8011436152a5c577554dc55e841
.exe windows:1 windows x86 arch:x86

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
TerminateProcess
GetEnvironmentStringsW
Module32First
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetTimeFormatA
GetStartupInfoA
ResetEvent
GetConsoleMode
HeapCreate
VerLanguageNameA
TerminateThread
CreateFileA
SetLastError
ReadProcessMemory
GetSystemDirectoryA
SetFilePointer
GetProcessHeap
GetModuleHandleA
WaitForSingleObject
GetStringTypeW
GetTickCount
lstrcmpiA

user32

DestroyWindow
DefMDIChildProcA
DrawMenuBar
DeleteMenu
DrawIconEx
IsDialogMessageA
ScreenToClient
IsDlgButtonChecked
GetWindowRect
ReleaseDC
MoveWindow
ShowWindow
SetWindowPos
SetTimer
MessageBoxA
BeginPaint
InvalidateRect
GetDlgCtrlID
GetKeyState
GetClassNameA
DefFrameProcA

gdi32

GetTextExtentPoint32A
CreateSolidBrush
SaveDC
ExtTextOutA
RectInRegion
CreatePen
LineTo
GetObjectA
SelectObject
SetTextColor
DeleteObject
EndPage
SetBkColor
RestoreDC
StartDocA
MoveToEx
GetStockObject
GetBkColor
SetTextAlign

msvcrt

putc
swprintf
_ismbcl2
_mbsrchr
_safe_fprem1
_safe_fdiv
__set_app_type
_gmtime64
__setusermatherr
_adj_fptan
__p__commode
_setjmp
_get_osfhandle
__p__fmode
_purecall
atof
_chmod
_beep
_adj_fdivr_m32i
_wrmdir
_mktime64
_exit
_adjust_fdiv
_wfopen
wcspbrk
_except_handler3
memcpy
_XcptFilter
_scwprintf
_controlfp
_getmbcp
_initterm
_pipe
_acmdln
_snwscanf
exit
__getmainargs

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 184KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 184KB

.rsrc
Size: 127KB - Virtual size: 126KB