33c971162fc775799a4c29ef813450b8

Sharing

Copy URL Twitter E-mail

General

Target

33c971162fc775799a4c29ef813450b8
Size

177KB
MD5

33c971162fc775799a4c29ef813450b8
SHA1

95fee4ea8ad273dccfaca6d8b8c3a1b32d89ed66
SHA256

e7111d1fe00adbabb736e7628810918fa1ef98db059daca7c1681939adcd6c6e
SHA512

b38258f391a09deb4cbcbc374cdcae54f0b641f7b50fe79b94e4465a55e520f6dd6384056085d2a5c75a615fa58a05109c3d3119f5e5db781fa6937512a86729
SSDEEP

3072:K8VRN8H5ZniyJcC0YevZkjIwvw4GpUVBdeU4+Q8KsA8w:FmHHiy0bvZkjIv4Gp2BdeXcKew

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33c971162fc775799a4c29ef813450b8

Files

33c971162fc775799a4c29ef813450b8
.exe windows:4 windows x86 arch:x86

28e290edf9632c710f30b94f1bf148f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegSetValueW
RegQueryValueExW
RegCreateKeyW
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA

gdi32

DeleteDC
CreateSolidBrush
GetDIBits
StretchBlt
BitBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateDCW
GetObjectW
CreateBitmap
GetObjectType
CreateCompatibleBitmap
SetBrushOrgEx
CreateDIBSection
SetBkColor
SetStretchBltMode

user32

SetRectEmpty
DispatchMessageW
PeekMessageW
GetDC
wsprintfW
GetClientRect
IsRectEmpty
CopyRect
OffsetRect
FillRect
TranslateMessage
ReleaseDC
GetWindowRect

shell32

SHGetSpecialFolderPathA

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

ole32

CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

shlwapi

PathAppendW
PathFileExistsW
PathIsDirectoryW
PathRemoveBackslashW
PathRenameExtensionW
PathCombineW
PathAddBackslashW
PathFileExistsA
PathRemoveFileSpecW

kernel32

GetCurrentProcessId
SetFilePointer
CreateMutexA
OutputDebugStringA
WaitForMultipleObjects
GetLocaleInfoA
CloseHandle
CreateDirectoryW
GetProcAddress
GetFileAttributesA
GetTempPathW
GetVersionExW
InitializeCriticalSection
FindNextFileW
LocalFree
CopyFileA
LocalAlloc
DeleteCriticalSection
ReleaseMutex
GetCurrentThreadId
Sleep
GetTempFileNameA
GetModuleFileNameW
FindClose
GetProcessPriorityBoost
DeleteFileW
EnterCriticalSection
MulDiv
lstrlenA
FindFirstFileW
InterlockedExchange
ReadFile
InterlockedIncrement
EnumResourceTypesW
WriteFile
lstrlenW
GetThreadLocale
SetFileAttributesA
DeleteFileA
LeaveCriticalSection
LoadLibraryW
GetTempFileNameW
RemoveDirectoryW
CreateDirectoryA
CreateFileA
InterlockedDecrement
GetTickCount
QueryPerformanceCounter
ExitProcess
WaitForSingleObject
GetModuleFileNameA
FreeLibrary
WideCharToMultiByte
GetACP
MultiByteToWideChar
DisableThreadLibraryCalls
GetSystemTime
GetLastError
SetFileAttributesW
GetTempPathA
GetVersionExA
OutputDebugStringW
GetSystemTimeAsFileTime

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28e290edf9632c710f30b94f1bf148f7

Headers

File Characteristics

Imports

advapi32

gdi32

user32

shell32

winmm

avifil32

ole32

shlwapi

kernel32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 68KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 252KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 68KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 252KB