5101806dd494113ec84562014d5c3da2

Sharing

Copy URL

Twitter E-mail

General

Target

5101806dd494113ec84562014d5c3da2
Size

543KB
MD5

5101806dd494113ec84562014d5c3da2
SHA1

9f64629c7acffa53c7615bead97692d45bfb2a14
SHA256

79f5d708586a2e2b00e76816e8e275cc6ed184139fe64c393ac47961eff1d51b
SHA512

81c61302517466893595667c151d94d6b440a8303997b50435c51dbae1a1a73b309b727b429b3638a96d7bdfc0190d5a61593bc30c3bf42063cf9e71756b4c83
SSDEEP

12288:LrZR6karr6XtqZTqGBprZmP9wi3MTBo+:HD/a9R8zGo+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5101806dd494113ec84562014d5c3da2

Files

5101806dd494113ec84562014d5c3da2
.exe windows:4 windows x86 arch:x86

8d1758eebc6ac6a83190f84e195f3b00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

TlsSetValue
TlsGetValue
RtlUnwind
OpenMutexA
GetStartupInfoA
UnhandledExceptionFilter
VirtualFree
EnumSystemLocalesA
GetStartupInfoW
SetHandleCount
GetOEMCP
GetStringTypeA
SetLastError
CompareStringW
TlsAlloc
WideCharToMultiByte
GetCurrentProcess
HeapFree
HeapCreate
LeaveCriticalSection
HeapAlloc
IsBadWritePtr
GetUserDefaultLCID
LoadLibraryA
GetCommandLineW
GetLocaleInfoW
GetEnvironmentStringsW
GetModuleFileNameW
GetCurrentThread
GetLastError
GetModuleHandleA
TlsFree
GetCPInfo
FoldStringA
FlushFileBuffers
GetFileType
GetSystemTimeAsFileTime
GetStdHandle
VirtualAlloc
VirtualQuery
GetVersionExA
GetModuleFileNameA
HeapDestroy
EnterCriticalSection
ReadFile
CreateFileMappingA
LCMapStringW
GetStringTypeW
CompareStringA
CreateMutexA
HeapSize
GetProcAddress
LCMapStringA
GetCommandLineA
GetCurrentProcessId
HeapReAlloc
IsValidCodePage
GetTimeZoneInformation
FreeEnvironmentStringsW
QueryPerformanceCounter
DeleteCriticalSection
GetTimeFormatA
VirtualProtect
GetSystemInfo
WriteFile
GetACP
GetEnvironmentStrings
SetFilePointer
SetEnvironmentVariableA
CloseHandle
FreeEnvironmentStringsA
MultiByteToWideChar
ExitProcess
IsValidLocale
TerminateProcess
InitializeCriticalSection
GetDateFormatA
GetCurrentThreadId
GetLocaleInfoA
InterlockedExchange
GetTickCount
SetStdHandle

user32

DdeQueryStringA
VkKeyScanExW
DefDlgProcW
CharLowerBuffA
LookupIconIdFromDirectoryEx
DlgDirListW
ScreenToClient
DdeCreateDataHandle
RegisterClassExA
DdeCreateStringHandleW
DrawTextExW
GetMonitorInfoA
RegisterClassA
UnhookWinEvent
GetTabbedTextExtentA

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1758eebc6ac6a83190f84e195f3b00

Headers

File Characteristics

Imports

comctl32

kernel32

user32

Sections

.text Size: 389KB - Virtual size: 388KB

.rdata Size: 36KB - Virtual size: 41KB

.data Size: 108KB - Virtual size: 107KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 389KB - Virtual size: 388KB

.rdata
Size: 36KB - Virtual size: 41KB

.data
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 9KB - Virtual size: 8KB