370f56c6586be6cba8f96a73cd86f2ed

Sharing

Copy URL

Twitter E-mail

General

Target

370f56c6586be6cba8f96a73cd86f2ed
Size

307KB
MD5

370f56c6586be6cba8f96a73cd86f2ed
SHA1

3ff312cd4adfa8d8f322a00c7a70081a031800ef
SHA256

e5cd525ca45a0e04b79700c1b74d09ba8d95feaeeafaac7472e79a5ff8aeb507
SHA512

48e6e523a684a3be05bf3866f8517d5f4ce8cef07bdd58fa7394373960f19a240ce00a8f098ef2445b0076f1b8ece01a04701748843131a861d64af67bb7514a
SSDEEP

6144:fMNJFbSQaDJYR5r8G0EProTwBBuM/SfnYolDYs:fM3UQJVgYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
370f56c6586be6cba8f96a73cd86f2ed

Files

370f56c6586be6cba8f96a73cd86f2ed
.exe windows:4 windows x86 arch:x86

babc7ea235fd9da5b7e2fa4d65553b19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

ClientToScreen
CreatePopupMenu
EnableWindow
EnableMenuItem
GetSubMenu
GetMenu
SetMenu
CreateMenu
MessageBoxW
SetCursor
LoadCursorW
SetCapture
GetWindowTextW
GetClassNameW
GetWindowThreadProcessId
WindowFromPoint
AppendMenuW
ReleaseCapture
SetMenuDefaultItem
GetCursorPos
ScreenToClient
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetParent
GetWindowRect
GetWindowDC
ReleaseDC
LoadIconW
SendMessageW

shell32

CommandLineToArgvW

kernel32

GetStartupInfoW
GetModuleHandleW
GetCommandLineW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetVersionExW
CloseHandle
OpenProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetComputerNameW
RemoveDirectoryW
CreateDirectoryW
GetSystemDirectoryW

comctl32

ImageList_ReplaceIcon

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

mfc42u

ord942
ord350
ord2756
ord1569
ord940
ord641
ord668
ord324
ord1775
ord2281
ord2776
ord6107
ord2855
ord5142
ord2406
ord3621
ord1634
ord860
ord3133
ord2762
ord3176
ord4053
ord823
ord825
ord1899
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord5261
ord4371
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord768
ord384
ord489
ord686
ord4253
ord800
ord3087
ord540
ord4704
ord6195
ord4155
ord2634
ord4118
ord6024
ord4848
ord4352
ord2857
ord2088
ord2910
ord3282
ord4219
ord2810
ord771
ord2520
ord1008
ord2031
ord498
ord858
ord861
ord5706
ord5679
ord4199
ord535
ord2859
ord4370
ord5276
ord4831
ord3592
ord3170
ord3614
ord2293
ord2357
ord4229
ord6330
ord4847
ord538
ord4197
ord755
ord1165
ord6211
ord4124
ord356
ord925
ord2606
ord6279
ord5647
ord3122
ord3611
ord3658
ord798
ord1989
ord6388
ord941
ord5188
ord2773
ord533
ord665
ord1560
ord5579
ord268
ord354
ord922
ord1826
ord5061
ord4629
ord4601
ord4710
ord4744
ord5010
ord4369
ord4846
ord2507
ord4828
ord355
ord4224
ord3494
ord2504
ord4677
ord2371
ord1143
ord2362
ord1089
ord470
ord2637
ord4215
ord2576
ord3649
ord6266
ord1637
ord2430
ord2858
ord5846
ord2032
ord3291
ord2030
ord4667
ord4269
ord4480
ord2546
ord5303
ord5727
ord3917
ord5285
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord561
ord3733
ord5710
ord4616
ord4418
ord1131
ord6371
ord815
ord927
ord2613

cutildll

CtxTestUserForAdmin

msvcrt

_controlfp
exit
time
_XcptFilter
_initterm
_wcmdln
__wgetmainargs
__p__commode
__setusermatherr
_adjust_fdiv
_except_handler3
__p__fmode
__set_app_type
_onexit
??1type_info@@UAE@XZ
__dllonexit
_wfopen
fclose
srand
_itow
rand
_exit
wcstoul
__CxxFrameHandler
_EH_prolog
wcscmp
wcscpy
wcstombs
wcslen
fgetws
wcstol
_ultow
wcscat

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW

gdi32

GetObjectW
PatBlt
CreateFontIndirectW

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

babc7ea235fd9da5b7e2fa4d65553b19

Headers

File Characteristics

Imports

user32

shell32

kernel32

comctl32

psapi

mfc42u

cutildll

msvcrt

advapi32

gdi32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 94KB - Virtual size: 94KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 94KB - Virtual size: 94KB