30497080e2688d4436c567f5b4d4f02c

Sharing

Copy URL

Twitter E-mail

General

Target

30497080e2688d4436c567f5b4d4f02c
Size

166KB
MD5

30497080e2688d4436c567f5b4d4f02c
SHA1

401bd177ae4bc8d2ff2416c9094810b03d9f50c4
SHA256

15fb117f197fe2449e5028247ce00b6a9a8db0aefeed7f58a1d1301143bcc3dc
SHA512

f9394d165f94ca109c799a1350b1d98a5d7fa7140c908e8d8c7ebc91ad1281375c4da8b4e1fd21f7bc2ea67d1c602e20ca992aa9856180b3e82d81a30320f652
SSDEEP

3072:aaGuHqnPHuPYG9D+vnFmDQ8ouGJdCspJhWsBAxYpIBH0NH:nH/D+dmDUDCmJkSsY2hQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30497080e2688d4436c567f5b4d4f02c

Files

30497080e2688d4436c567f5b4d4f02c
.exe windows:4 windows x86 arch:x86

85ee8633b18cb277d43a2e0db3c498af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FreeResource
SetThreadLocale
GetACP
ExitProcess
SetEvent
InitializeCriticalSection
SetLastError
ReadFile
GetCommandLineA
FormatMessageA
GlobalDeleteAtom
GetModuleHandleA
GetStringTypeA
MulDiv
GetUserDefaultLCID
EnumCalendarInfoA
GlobalFindAtomA
GetCurrentProcessId
LockResource
FindClose
GetFullPathNameA
FindFirstFileA
DeleteCriticalSection
GetProcessHeap
GetProcAddress
RaiseException
GetOEMCP
VirtualAlloc
GetLocaleInfoA
GetStdHandle
GetThreadLocale
EnterCriticalSection
GetStartupInfoA
WriteFile
GetCurrentProcess
GetFileType
ExitThread
GetVersion
CloseHandle
Sleep
GetLocalTime
CompareStringA
LocalFree
GetVersionExA
GlobalAlloc
LocalAlloc
lstrcatA
GetModuleFileNameA
GetFileSize
SetEndOfFile
SizeofResource
ResetEvent
LoadLibraryExA
SetHandleCount
GetFileAttributesA
CreateThread
lstrcpyA
lstrcpynA
LocalReAlloc
SetErrorMode
GetCPInfo
VirtualAllocEx
lstrlenA
lstrcmpA
GetStringTypeW
GetEnvironmentStrings
SetFilePointer
MoveFileA
HeapFree
LoadResource
WideCharToMultiByte
HeapDestroy
HeapAlloc
GetTickCount
VirtualFree
GetDiskFreeSpaceA
GetSystemDefaultLangID
lstrcmpiA
FindResourceA
GetDateFormatA
FreeLibrary
MoveFileExA
CreateEventA
GetCurrentThread
CreateFileA
VirtualQuery
GlobalAddAtomA
DeleteFileA
LoadLibraryA
WaitForSingleObject
GetCurrentThreadId

shlwapi

PathIsDirectoryA
PathIsContentTypeA
SHStrDupA
SHQueryValueExA
PathGetCharTypeA
SHDeleteKeyA
PathFileExistsA
SHEnumValueA

oleaut32

SafeArrayGetUBound
SysStringLen
GetErrorInfo
VariantCopyInd
SysAllocStringLen
OleLoadPicture
VariantChangeType
SysReAllocStringLen
SafeArrayGetElement

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_Remove
ImageList_Read

comdlg32

ChooseColorA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

gdi32

GetDCOrgEx
GetDIBColorTable

msvcrt

mbstowcs
exit
abs
memcpy
wcschr
sprintf
memcmp
swprintf
srand
wcscspn
log
time
rand
wcsncmp
fabs
log10
memmove

user32

CheckMenuItem
EnumChildWindows
GetActiveWindow
SetWindowPos
CreateMenu
GetMenuItemID
CharLowerA
DispatchMessageW
IsChild
FindWindowA
FrameRect
GetScrollPos
DeferWindowPos
EnumWindows
GetKeyState
GetMenuItemCount
GetCursorPos
DefWindowProcA
GetParent
CharLowerBuffA
GetCursor
GetWindow
GetFocus
GetLastActivePopup

version

GetFileVersionInfoA

Sections

CODE
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 119KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85ee8633b18cb277d43a2e0db3c498af

Headers

File Characteristics

Imports

kernel32

shlwapi

oleaut32

comctl32

comdlg32

gdi32

msvcrt

user32

version

Sections

CODE Size: 43KB - Virtual size: 43KB

INIT Size: 119KB - Virtual size: 198KB

.rdata Size: 512B - Virtual size: 312B

.bss Size: 2KB - Virtual size: 1KB

CODE
Size: 43KB - Virtual size: 43KB

INIT
Size: 119KB - Virtual size: 198KB

.rdata
Size: 512B - Virtual size: 312B

.bss
Size: 2KB - Virtual size: 1KB