36fa07ee3859e829f2230839ae8bb864

Sharing

Copy URL

Twitter E-mail

General

Target

36fa07ee3859e829f2230839ae8bb864
Size

128KB
MD5

36fa07ee3859e829f2230839ae8bb864
SHA1

81f8081ad40e1721a74d2102ac5c84dba7bbac58
SHA256

4627b854e4678fe9340e983a21fe5eb9268b6985fe0f8f8050e33be26f177239
SHA512

53b6d3ebefaa7ec3533bc302fc96e75ad386b8fa742dcd56abb611c77a05a3935a2aa96e104d192fcb67f05d7d2efcaa77750e9ae08b15f46d6f0f09530c6398
SSDEEP

3072:m7uHp6BjaawyPZq38kH94GGchAXctSx3eCILGeORt:mCJ6BeyPZ48kdHfQ8Sx3ehcn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36fa07ee3859e829f2230839ae8bb864

Files

36fa07ee3859e829f2230839ae8bb864
.exe windows:5 windows x86 arch:x86

856c8a79e24f5a2525c61d619285a8ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LCMapStringA
FileTimeToLocalFileTime
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetConsoleOutputCP
lstrcmpiA
CompareStringA
InterlockedIncrement
VirtualQuery
GetStartupInfoA
IsDBCSLeadByte

msvcrt

_lseek
_adjust_fdiv
exit
__set_app_type
_fullpath
_stat
log
_lock
_acmdln
_except_handler3
fgetc
__setusermatherr
__p__fmode
_XcptFilter
_beginthreadex
__p__commode
_wcslwr
_initterm
sin
__getmainargs
wcstombs
ftell
sprintf

user32

SendMessageA
GetSysColorBrush
GetSubMenu
PostMessageA
IsChild
InsertMenuA
UpdateWindow
SetPropA

oleaut32

SafeArrayGetElement
SafeArrayRedim
GetActiveObject
SetErrorInfo
LoadTypeLib
SysStringLen
SafeArrayGetUBound

ole32

OleFlushClipboard
CoLoadLibrary
OleRun
OleGetClipboard
OleInitialize
OleSetClipboard
StringFromIID
StgCreateDocfileOnILockBytes
CoCreateInstance
IsAccelerator
OleUninitialize
CreateItemMoniker
GetRunningObjectTable
IsEqualGUID
OleIsCurrentClipboard
CoUninitialize
CLSIDFromProgID
IIDFromString

shell32

SHFileOperationA
DragQueryFileW
DragQueryFile
Shell_NotifyIconW
SHAddToRecentDocs
DragAcceptFiles
SHBrowseForFolderW

version

VerLanguageNameA
GetFileVersionInfoSizeW
VerQueryValueA
VerInstallFileA
GetFileVersionInfoA
VerInstallFileW

advapi32

RegOpenKeyW
CryptAcquireContextA
FreeSid
InitializeAcl
GetUserNameA
InitiateSystemShutdownA
RegEnumValueW
RegEnumKeyW

comctl32

ImageList_LoadImageW
ImageList_DragEnter
ImageList_GetIconSize
ImageList_Read
ImageList_Add
ImageList_SetOverlayImage
ImageList_LoadImageA
PropertySheetA
CreatePropertySheetPageA
CreateStatusWindowA

gdi32

CreateFontA
PolylineTo
EnumFontFamiliesW
SetViewportOrgEx
GetTextExtentPointA
EndDoc
Rectangle

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

856c8a79e24f5a2525c61d619285a8ac

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

oleaut32

ole32

shell32

version

advapi32

comctl32

gdi32

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 43KB - Virtual size: 43KB

.rsrc Size: 30KB - Virtual size: 29KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 30KB - Virtual size: 29KB