277aa12b0ac298c4292848119260f9c9

Sharing

Copy URL

Twitter E-mail

General

Target

277aa12b0ac298c4292848119260f9c9
Size

208KB
MD5

277aa12b0ac298c4292848119260f9c9
SHA1

865c696c84f8b18692737e6dfb3aae2b05312ff6
SHA256

9671b98b639ee72f63704a4aba31470702ff07c14e381c08542c2748a8274bb9
SHA512

1949e51e63758762ecc36daa9d826d509c562a16adae7feecc94cb393440b9b806554f007c1d6bc5d57a3e941e0c44e35448414477082e1757a27b5bd4f90b41
SSDEEP

6144:QVnhakhjVREcIaXRGjqM6je1cCyClneNp0aR:cnhakhZRE8gqJUUCdeb0C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
277aa12b0ac298c4292848119260f9c9

Files

277aa12b0ac298c4292848119260f9c9
.dll windows:4 windows x86 arch:x86

c7a2d20d5ca77cc5ce5f55b0016da486

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Remove
ImageList_DragShowNolock
ImageList_GetBkColor
ImageList_Read
ImageList_Read
ImageList_Add
ImageList_Create
ImageList_Write
ImageList_GetBkColor
ImageList_DragShowNolock
ImageList_Destroy
ImageList_Draw

shell32

Shell_NotifyIconA
DragQueryFileA
SHFileOperationA
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetFileInfoA
DragQueryFileA
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHFileOperationA

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegCreateKeyA
RegDeleteValueA

kernel32

GetCurrentProcessId
GetLocaleInfoA
SizeofResource
GlobalAddAtomA
GetProcAddress
VirtualAlloc
GetLastError
lstrlenA
ExitProcess
GetModuleHandleA
GlobalAddAtomA

shlwapi

SHDeleteValueA
PathGetCharTypeA
SHDeleteKeyA
PathIsContentTypeA
SHGetValueA
SHDeleteValueA
PathGetCharTypeA
SHQueryInfoKeyA
PathFileExistsA
SHQueryValueExA
SHStrDupA
SHDeleteValueA
SHGetValueA
SHSetValueA
SHEnumValueA
SHStrDupA

version

GetFileVersionInfoSizeA

user32

GetActiveWindow
MsgWaitForMultipleObjects
GetCursor
GetFocus

oleaut32

OleLoadPicture

gdi32

SetBkMode

ole32

GetHGlobalFromStream
OleCreateStaticFromData
CLSIDFromProgID
CoCreateInstanceEx
ReleaseStgMedium
OleRun
CreateOleAdviseHolder
CLSIDFromString
ReleaseStgMedium
CoCreateInstanceEx
CoFreeUnusedLibraries

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
FindTextA
GetOpenFileNameA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 513B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 174KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7a2d20d5ca77cc5ce5f55b0016da486

Headers

File Characteristics

Imports

comctl32

shell32

advapi32

kernel32

shlwapi

version

user32

oleaut32

gdi32

ole32

comdlg32

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 513B

DATA Size: 174KB - Virtual size: 290KB

BSS Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 322B

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 513B

DATA
Size: 174KB - Virtual size: 290KB

BSS
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 322B