25c0412b1486900a2d32ed71b105241c

Sharing

Copy URL Twitter E-mail

General

Target

25c0412b1486900a2d32ed71b105241c
Size

866KB
MD5

25c0412b1486900a2d32ed71b105241c
SHA1

ae1dfa19e025e2575a562e2cc1b536aac1062078
SHA256

453813dc08a0222323c3933606e9b09201a562a2e2465983f50b28f2efd8404b
SHA512

6292beb1b96441a4c467d9e1975eb77f71e6be2cf28ef1270d4879ed6c5d668b6b6e136eeae115e2a080fa98e8b5741785920f0c618738725692b883b6f469cc
SSDEEP

12288:gliDQlBIgB8aMW+QioSjTEWR0fGts2wVEVrp50rPWoSr0W45v7lF1MmNHvR:SnMW+ZjTEm0gs2eEVrp5sXSrUp1MmtR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25c0412b1486900a2d32ed71b105241c

Files

25c0412b1486900a2d32ed71b105241c
.exe windows:5 windows x86 arch:x86

f9a027ba7a2e4b817f6e009795bb2d2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
WriteFile
RtlUnwind
HeapFree
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
VirtualQuery
VirtualProtect
GlobalFree
GlobalAlloc
CreateFileA
CloseHandle
IsBadWritePtr
IsBadReadPtr
GetSystemTime
VirtualAlloc
GetCurrentThreadId
LoadLibraryA
GetLastError
GetProcAddress
GetCurrentProcessId
FreeLibrary
VirtualFree
ExitProcess
HeapAlloc
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
GetStringTypeW

user32

CallNextHookEx
GetSysColor
GetSystemMetrics
MessageBeep
SetWindowsHookExA
GetActiveWindow
UnhookWindowsHookEx
SetTimer
wsprintfA
KillTimer
MessageBoxA

gdi32

CreateSolidBrush
CreatePen
Rectangle
LineTo
CreateFontA
SetBkColor
SetTextColor
GetTextExtentPointA
TextOutA
DeleteObject
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
MoveToEx

comctl32

ord17

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey

Exports

Exports

ImportWndProc
MainWndProc
TimerProc

Sections

.text
Size: 711KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.descode
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.desdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9a027ba7a2e4b817f6e009795bb2d2d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

advapi32

Exports

Exports

Sections

.text Size: 711KB - Virtual size: 708KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 62KB - Virtual size: 417KB

.rsrc Size: 1KB - Virtual size: 1KB

.descode Size: 18KB - Virtual size: 17KB

.desdata Size: 9KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 711KB - Virtual size: 708KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 62KB - Virtual size: 417KB

.rsrc
Size: 1KB - Virtual size: 1KB

.descode
Size: 18KB - Virtual size: 17KB

.desdata
Size: 9KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB