37b596d82cde305fa059bcb13189a11b

Sharing

Copy URL

Twitter E-mail

General

Target

37b596d82cde305fa059bcb13189a11b
Size

92KB
MD5

37b596d82cde305fa059bcb13189a11b
SHA1

4d2a9fc6ce9869e4d06cf97958e6228725698dbe
SHA256

e93bc07ac9ceb6512b13ef22ea3d869c00e2f0c336815170c1037b175b3c9abf
SHA512

e29fbef2db17b816aa7cdb79cf959dd9ef71cc8a3bd7c547cb77f7538ed0edb3c347c5469cffdaa92f086ddf59d110cd06d332ab304c716ff7d7f375c317526e
SSDEEP

1536:yMNf4EKOAYajtuIw6gVSoKlJNcLY2LGCsG3xLawx+oVUVoJ:yMF4E+u4gVSo+csHO3gwx+oVU6J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b596d82cde305fa059bcb13189a11b

Files

37b596d82cde305fa059bcb13189a11b
.exe windows:4 windows x86 arch:x86

4c6575385b212b07cae2b3c6bda38794

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
FormatMessageA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
CreateFileMappingA
CreateThread
GetCurrentProcess
CreateEventA
UnmapViewOfFile
GetVolumeInformationA
MapViewOfFileEx
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForMultipleObjects
CreateMutexA
FindFirstFileA
HeapAlloc
ExitProcess
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetStdHandle
GetFileType
GetStdHandle
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetOEMCP
VirtualAlloc
VirtualFree
TerminateProcess
HeapDestroy
GetVersionExA
HeapCreate
LCMapStringW
FindNextFileA
GetEnvironmentVariableA
LCMapStringA
MultiByteToWideChar
FindClose
WideCharToMultiByte
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
DeleteFileA
GetLastError
WriteFile
SetCurrentDirectoryA
SetEnvironmentVariableA
CloseHandle
CreateFileA
HeapReAlloc
HeapSize
RtlUnwind
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetVersion
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

InvalidateRect
SetForegroundWindow
ShowWindow
CreateDialogParamA
DestroyWindow
ValidateRect
PostQuitMessage
UpdateWindow
SendMessageA
GetDlgItem
PostMessageA
PostThreadMessageA
PeekMessageA
ExitWindowsEx
GetMessageA
SetWindowTextA
TranslateMessage
DispatchMessageA
EndDialog
DialogBoxParamA
LoadStringA
SendDlgItemMessageA
EndPaint
BeginPaint
MessageBoxA
GetClientRect
GetDC
ReleaseDC

gdi32

RealizePalette
GetObjectA
DeleteObject
CreateDIBitmap
SelectPalette
CreatePalette
DeleteDC
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleDC

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

ord17

Exports

Exports

?CDAPFN0506_SendProtectMessage@@3UCDAPFN_PROPERTIES@@A
?PatchCallBack@@YGPAXIPAX@Z

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c6575385b212b07cae2b3c6bda38794

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 4KB