326113e93a22582763a0fed569f1c944

Sharing

Copy URL Twitter E-mail

General

Target

326113e93a22582763a0fed569f1c944
Size

199KB
MD5

326113e93a22582763a0fed569f1c944
SHA1

451a4cb985a5a403244bae890cf3829bd4f411cd
SHA256

798f5b734fa82e4107656cb8bd5922b3a38b36b96607e0b23b9c24074f8b3562
SHA512

59c69c7b64954170ba9304d1f5545776dad302c5cccb97bef9cbd806a505baa778efda63dc95dca14af8384cb02944cd691169fff2ee23e9786d12acc50d5ef7
SSDEEP

1536:pfqwDzObRHh7YMzl2fwV5/MvZAFFRkpGKohP4mRXJyErXutihdr:piwDzCRHh0Mzlsy1tFRkLohPlH+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
326113e93a22582763a0fed569f1c944

Files

326113e93a22582763a0fed569f1c944
.exe windows:5 windows x86 arch:x86

5b174f6695e016be15a38e3edb911f80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegEnumKeyExA
GetAce
GetLengthSid
InitializeAcl
GetAclInformation
ImpersonateLoggedOnUser
RegSetValueExA
AdjustTokenPrivileges
IsValidAcl
MakeSelfRelativeSD
EqualSid
GetTokenInformation
GetTraceEnableLevel
OpenServiceW
GetSecurityDescriptorControl
RegEnumKeyW
RegSetValueExW
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
OpenProcessToken
RegOpenKeyA
RegOpenKeyW
UnregisterTraceGuids
StartServiceW
CryptDestroyKey
OpenThreadToken
IsValidSecurityDescriptor
ReportEventW
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegEnumKeyExW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
SetEntriesInAclW

user32

GetDesktopWindow
LoadCursorA
GetWindowRect
CheckDlgButton
LoadBitmapA
GetMessageW
MessageBoxW
EndDialog
RegisterClassExW
PeekMessageA
FindWindowA
GetMenu
CallWindowProcA
ClipCursor
TranslateMessage
GetClassNameW
GetSystemMenu
GetCapture
GetFocus
SetCapture
CallWindowProcW
DragObject
GetSysColorBrush
GetActiveWindow
GetSubMenu
ReleaseCapture
GetCursorPos
IntersectRect
IsChild
GetSystemMetrics
IsWindow
PostMessageA
GetClientRect

msvcrt

_XcptFilter
wcsrchr
_ultoa
__wgetmainargs
memset
_strnicmp
__p__osver
_fileno
fseek
_iob
rand
wcsncat
isleadbyte
_itoa
time
sscanf
wcstol
towupper
fclose
_stat
strstr
_ftol
_strdup
strrchr
srand
iswdigit
_rotr
_controlfp
_except_handler3
towlower
__set_app_type

comdlg32

GetOpenFileNameA
ChooseFontA
ChooseColorA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameA
FindTextA
GetFileTitleA

kernel32

FormatMessageA
GetUserDefaultLCID
CreateDirectoryA
GetCurrentThreadId
RemoveDirectoryW
lstrcmpW
FileTimeToSystemTime
LeaveCriticalSection
ReadFile
lstrcatA
GetOEMCP
GetThreadLocale
CloseHandle
CompareStringW
SetFileAttributesW
ReleaseMutex
DeviceIoControl
WriteConsoleW
lstrcpynA
GetModuleHandleA
IsDBCSLeadByte
LCMapStringA
ExitProcess
CreateFileA
VirtualAlloc
ReleaseSemaphore
GetCommandLineW
lstrcpynW
FileTimeToLocalFileTime
FreeLibrary

shell32

SHGetMalloc
DragQueryFileW
DragQueryFileA
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHFileOperationW
ShellExecuteExW

ole32

OleLoadFromStream
StgCreateDocfile
CoUnmarshalInterface
CoInitialize
StringFromGUID2
OleUninitialize
OleInitialize
CoDisconnectObject
OleRegGetMiscStatus
StgIsStorageFile
CreateILockBytesOnHGlobal
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoReleaseMarshalData
OleSaveToStream
OleRegGetUserType
GetRunningObjectTable
CoCreateInstanceEx
CoTaskMemFree
CoSetProxyBlanket
ReleaseStgMedium
CreateDataAdviseHolder

oleaut32

SysAllocStringLen
RegisterTypeLib
SafeArrayCreate
VariantChangeTypeEx
SysStringLen
VariantCopy
SysReAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 69KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 77KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b174f6695e016be15a38e3edb911f80

Headers

File Characteristics

Imports

advapi32

user32

msvcrt

comdlg32

kernel32

shell32

ole32

oleaut32

Sections

.rdata Size: 7KB - Virtual size: 6KB

.text Size: 10KB - Virtual size: 9KB

DATA Size: 34KB - Virtual size: 34KB

BSS Size: 69KB - Virtual size: 81KB

.rdata Size: 77KB - Virtual size: 126KB

.rdata
Size: 7KB - Virtual size: 6KB

.text
Size: 10KB - Virtual size: 9KB

DATA
Size: 34KB - Virtual size: 34KB

BSS
Size: 69KB - Virtual size: 81KB

.rdata
Size: 77KB - Virtual size: 126KB