30ca19dfad4bbc502ec606c0e896eb1b

Sharing

Copy URL Twitter E-mail

General

Target

30ca19dfad4bbc502ec606c0e896eb1b
Size

140KB
MD5

30ca19dfad4bbc502ec606c0e896eb1b
SHA1

123c33f191a8def13144274c916b085c38d094d4
SHA256

62c593f7043ec0521bd9dc3f8e2785e58f63648bb0e7b410d33f8f802db631c9
SHA512

d8ebf6e303c5c7e1712010873e5541b737de620c44fb60eacc9ea1fffe5da0645ef0a2f6969ab080ab4a0b1a16d563dc54f3bb80dfd9618eb943d5a6cb6101af
SSDEEP

3072:26bdVr83vr99EYC4zd/RlW7uet4p6JSBFERKIZG/u2hd:2EiD/ztRlWPt1EBFERKqGmY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30ca19dfad4bbc502ec606c0e896eb1b

Files

30ca19dfad4bbc502ec606c0e896eb1b
.exe windows:5 windows x86 arch:x86

172ae330d4b8bdea08ac971943e7f4ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_initterm
__set_app_type
remove
_adjust_fdiv
_except_handler3
strcmp
__p__commode
memcpy
log
__setusermatherr
_XcptFilter
fclose
_acmdln
iswdigit
__getmainargs
_controlfp
fseek
vsprintf
exit
_strdup
__p__fmode

kernel32

GetStringTypeW
VirtualProtect
GetStartupInfoA
GetVersion
GetConsoleMode
FlushFileBuffers
FileTimeToSystemTime
GetModuleHandleA
GetSystemInfo
GetLocaleInfoA

advapi32

RegEnumValueA
CheckTokenMembership
DeleteService
RegEnumKeyExW
CryptDestroyHash
RegDeleteValueW
GetTokenInformation
GetLengthSid
DeregisterEventSource
RegQueryInfoKeyA
EqualSid
CryptReleaseContext
RegQueryValueA

shell32

SHGetFolderLocation
SHBindToParent
SHGetSpecialFolderPathA
ExtractIconExA
SHGetSettings
SHGetSpecialFolderPathW
DragQueryFileA
DoEnvironmentSubstW
SHAddToRecentDocs

gdi32

CreateDIBitmap
SetBrushOrgEx
CreateDCW
SetArcDirection
LPtoDP
EnumFontFamiliesExW
GetTextFaceW
SaveDC
GetBitmapBits

oleaut32

VariantInit
SafeArrayGetElement
VariantCopy
GetActiveObject
SafeArrayCreate
SafeArrayPutElement
SysAllocStringByteLen
SysAllocStringLen

version

VerQueryValueA
GetFileVersionInfoW
VerInstallFileW
VerFindFileW
VerInstallFileA
VerQueryValueW

ole32

CoInitializeEx
OleInitialize
ProgIDFromCLSID
CreateBindCtx
CoCreateGuid
CoGetClassObject
DoDragDrop
CoUninitialize

user32

DeleteMenu
SystemParametersInfoA
SetScrollRange
SetTimer
CheckMenuItem
DrawFrameControl
CallNextHookEx
GetScrollRange
SetClipboardData
InflateRect
GetMenuState
ShowCursor
InsertMenuItemA
MapWindowPoints

comctl32

ImageList_Read
ImageList_Write
DestroyPropertySheetPage
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_SetDragCursorImage
ImageList_SetOverlayImage
CreatePropertySheetPageW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

172ae330d4b8bdea08ac971943e7f4ff

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

shell32

gdi32

oleaut32

version

ole32

user32

comctl32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 17KB - Virtual size: 41KB

.rsrc Size: 104KB - Virtual size: 104KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 17KB - Virtual size: 41KB

.rsrc
Size: 104KB - Virtual size: 104KB