22a10810994d5d211a97ff9fd2196f5f

Sharing

Copy URL Twitter E-mail

General

Target

22a10810994d5d211a97ff9fd2196f5f
Size

1.4MB
MD5

22a10810994d5d211a97ff9fd2196f5f
SHA1

f884cafb8f93864a96900c1d874a74e297eb4f96
SHA256

e69a2115e2e0caabd563bd8918f41631f7601bc918c9cbe9642ceab24fabb480
SHA512

8e47b4fec9938f9372d57d971769efc2e72ecf2f98f10fa2202e5312844a8f6419961963e95522a75d05d1ee8635efed739bf29a516a0e65b418755b6c352e09
SSDEEP

24576:Qe5fZQZ1G7C18MypV7MipMti2ZXiEzNFMSME4mFCB2/uKaUTL41zPObqSPPyfFQI:zBGI+18dwip/2VpFMSMJmFw22KhTOzhp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22a10810994d5d211a97ff9fd2196f5f

Files

22a10810994d5d211a97ff9fd2196f5f
.exe windows:4 windows x86 arch:x86

5416cda78d572a8a6fbf86805ba67728

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcpynA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharNextA

advapi32

ControlService

oleaut32

SafeArrayCreate

version

GetFileVersionInfoSizeA

gdi32

StretchBlt

ole32

OleSetMenuDescriptor

comctl32

ImageList_GetBkColor

wininet

InternetCloseHandle

iphlpapi

GetAdaptersInfo

Exports

Exports

#X�C��.fWk��`�~�]g��饘2h22�xi��m�N9�HɴRm�L��sΫ�u4��Ռ��K��[^��c��!˕��څiL�Qq�v��~��ޒH�L��݀��n�Ŗs�� [��N�8�s��>�+��),f��Wj8tZ� ��*�H��4R��ꎢ&��D�P��87j6��D$�Yƹ��̢��~��Ѷ�G\�?��q5 �_5m%kn�K��k�6��Sw��l5�ŷ+�_3z2�O��ɉ�W|�f��ڧ.,�z��%�j+��6u:�g�B�P��:9�v�ML�xB�J��d)��.�cs�O�/�Pb\��o�s�/UE��0��Kr@r��0��y�}J�F d��XXR�a�g�)�w�w�]H�d8�˛"�I��mhû2� l�h�Yj֗L�tex�JQ��{� fr�9|5o�ԟB��܇��:$kܚ�Q��˱$70��K#*�6R�b�*a}<ϟ��xnv�G��!`�!�0T��("f�U+'ޡ��w>yC��]��X��Ŵa�� Y��c{A��n�\*�D��2Il��]��c�)(�H�F�d˹[ǆ��Z��o�ܥUy��Y��gL߫��~�|��[0$&wh�_?�M=-�n1.��kuѣI$�Z�a�MW[�U��&�>fx�wS��_E�g�E>^j�+� �B#$+B�7��$�bA%�"d��z孡�΢9�p��$4ԫ�O�W�� ]�n�/�z��'��ɑ/f PƬ�(J5�=�i��F;�Y+6i��L�-I��o8|D��0��UsM＀ �T��N��"��ƻ��B��<��_Q�f�#��vk�#{�l�O�O��T�6��g��8M��9AK��!��^�}ѷ)�/2X��Tisg��a^�;�i�o&�hB�I�&QGL<ʼ��uw�%<?�ֈ��+�n��H�B�~,bn�|�<�v٤iJ�I��,1a�i��d��ݦhL@}Fm/6'J�}��m�2J�j�)X�PUc��f ��iB{�#)[��=�|E�4�a� ��V�r�^�>� �< �g7q��u ��O�ߙi1λ�� >��Z� =@8�ll��ǌ*$o��8|��Ty�6(Fr�+��(��񮙋i�k:*!�z�%ӼB$tdU��e0� �6��_�,��9E}N@�E�yI�i�bu�*�>U��=��k�|�}��K[�v��+MdOź�cz��'�o�ͧUvo�$Sޮ(,��L�yÚ��9��hVJ��J��l�r��`��Z�)n�5ϴ�O��+W��J��YK-��h��Ey ��c�=��Y��;ϥ��9��(<��/#)��u̼yd�lh[��1�R(��M��g$!�x�ʉ~��QJ��U� ��?I�Tȏ#�]x�m]�d�|p�Һ�n��OU:!d@H90��tP��a��ǘ��2_L��n�z3��d� ��p��S�P��*K��y.@(e�B�]�{]��L��p�!婞+Y��Ǆ��2�ZJ��Sw�rB�� $�7C�2Z%K�U�Qt�ލ��ؠSHT��b��D5��'�9l�,|��h��*��:"ąs��qq)�<��P�p��4��i|��@�۔��q�ZH!�GP��eg0��$��R�ͭh��Q�̬�OrX��;�Ҁ��+�Ob��;HB#)�Ąg��Q��~��.P�IT�W+�r%7[��lW��v�z��At��2� �m2z\^7��'v��R��ߒ�}nb>�-�/�}B%0��Q�"�po��(��L[��7�?�n��9�%�6U� #M�9R�f��Rw��ڒ��҃��}�/m�fx�1J3�� oMG9ܲ��5��v��m��ŝ�m�['�};G��Q]E� 9�c��t��Z�w|p�R9�SJ#��'�.��.}��oۯ�N64Eas�t,W�b��S��VI^�E6R��BD��N� ��)�"�+�{�:Ɲ�\UA�4�&�MVԞ.I�X��[\�3 �<8i+��`��T;�Y0Zm4�s��zy�(��$��,tb�-��6��)�*��dM4ޣ)�@`Y�TȒzN T;��u��rO��fYN��/��S��Q��㿪��!�y�5͇�A�0 4%[��Y��@L��.n�旐q|��'��g�a՛!x�֩��&�A�O%�� w��d7q� �a(K�b��G2��bѨ��^_Y�+Y�x�L�C+�\�Nh�*K�6M20\�1�k8�QTFF�~��̉א ,�7^̽2:�I��!� Q�2��6!J#�j��B�x�V*�z5k ��PS�-�F��>��(ד��hiO��E�w��3:�Y�f�`U�񎔄�/� Уq�n��w$��>��ҶHh83.��Y��^�G�Y��T 8-��c��t�Q`�1�F�P'��D�*��8˲U��H﮶�ڹV�m��ʄ��*��%"8��R�D|��Ύ2��n_��@�]x2?|\��ځ�J��k�� CG��*?��ƩrBpc�^��<��V7L�=�(ySɡ�T�Dzg��,-��*f��q3pϴ�}�A��2F��p�Q��լ=ؙi3�� h*�]�)��Ŗ��AC^��C�i[x]��^��Bu@�^B� �6�b��r��Yg�Ð��(x �TH��X�`ɖ��tt� ��u&9��#��.\��r�e>V�Ci�/�DCG�J��1}l�ْ��}T��HB�S�� -�l�,HfL�au��\ۃ��m�`�"U �A�G�Дg�L��[<��|DZ66��V��%�� !�9��4Iט��V_��s��*g<?)�'иi�Rx�j�

Sections

CODE
Size: - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ms0
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ms1
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ms2
Size: - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ms3
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5416cda78d572a8a6fbf86805ba67728

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

wininet

iphlpapi

Exports

Exports

Sections

CODE Size: - Virtual size: 779KB

DATA Size: - Virtual size: 10KB

BSS Size: - Virtual size: 4KB

.idata Size: - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: - Virtual size: 24B

.ms0 Size: - Virtual size: 51KB

.ms1 Size: 102KB - Virtual size: 102KB

.ms2 Size: - Virtual size: 581KB

.ms3 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 102KB - Virtual size: 101KB

CODE
Size: - Virtual size: 779KB

DATA
Size: - Virtual size: 10KB

BSS
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 24B

.ms0
Size: - Virtual size: 51KB

.ms1
Size: 102KB - Virtual size: 102KB

.ms2
Size: - Virtual size: 581KB

.ms3
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 102KB - Virtual size: 101KB