4af05890ac244b2debda197eb72be55e

Sharing

Copy URL

Twitter E-mail

General

Target

4af05890ac244b2debda197eb72be55e
Size

156KB
MD5

4af05890ac244b2debda197eb72be55e
SHA1

15c393e51bc2f1e650e580ce3c77752af3ce8c9d
SHA256

791a0cbf6c69a0e048c1dd98964630f49b822b8ce155700932d5183376fe88e4
SHA512

e5ba9cf7766bda80ddda514576ebf4c915e2b3c6c05e61e132bc7dd014f133998ca01f0a19422f14a78229902aa738d6af8388ec0908e42c85e10a0c5051222a
SSDEEP

3072:ldt6Fd/Xdc31yI51F5/rL+dotPjLUqTOa3ZPa92cK:TwPo1yO52

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4af05890ac244b2debda197eb72be55e

Files

4af05890ac244b2debda197eb72be55e
.exe windows:4 windows x86 arch:x86

60ae292b7499b8caf8634c1214e4ed78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
RtlUnwind
GetStartupInfoA
TerminateProcess
HeapFree
HeapAlloc
GetTimeZoneInformation
RaiseException
HeapReAlloc
HeapSize
Sleep
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FlushFileBuffers
ExitProcess
SetHandleCount
GetCommandLineA
ReadFile
GetModuleHandleA
WritePrivateProfileStringW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
FindNextFileW
lstrcpyW
FindFirstFileW
GetLastError
SetLastError
FindClose
GetCommandLineW
SetFilePointer
WriteFile
GetCurrentProcess
FreeLibrary
GetProcessVersion
LoadLibraryA
GetVersion
GlobalAddAtomW
GlobalFindAtomW
GetStdHandle
GetCurrentDirectoryW
GetProcAddress
ExpandEnvironmentStringsW
GetModuleHandleW
GetFileType
GetWindowsDirectoryW
GlobalFlags
lstrcmpiW
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynW
lstrcatW
SetErrorMode
GetModuleFileNameW
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
GetVersionExA
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExW
InterlockedExchange

user32

GetCapture
GetTopWindow
WinHelpW
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconW
ShowWindow
LoadCursorW
GetSysColorBrush
DestroyMenu
GetMenuItemID
GetDlgItem
DefWindowProcW
DestroyWindow
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongW
GetSubMenu
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetSystemMetrics
GrayStringW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
GetWindowTextW
SetWindowTextW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameW
LoadBitmapW
GetMenuState
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetMenu
wsprintfW
LoadStringW
RemovePropW
GetMessageTime
SetWindowPos
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
SendMessageW
MessageBoxW
EnableWindow
PostMessageW
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuW
GetMenuCheckMarkDimensions

gdi32

DeleteObject
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
RectVisible
TextOutW
PtVisible
Escape
ExtTextOutW
GetObjectW
DeleteDC
CreateBitmap

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegCreateKeyExW

comctl32

ord17

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60ae292b7499b8caf8634c1214e4ed78

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 9KB - Virtual size: 28KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 9KB - Virtual size: 28KB