513bc7dccb71e29a7ddb7c16fdcbe322

Sharing

Copy URL

Twitter E-mail

General

Target

513bc7dccb71e29a7ddb7c16fdcbe322
Size

128KB
MD5

513bc7dccb71e29a7ddb7c16fdcbe322
SHA1

725fd210148d7b56dd82d314ff931d9ba3a790c6
SHA256

37db87199ca94cd3f10ffefa6b4f16f5cf370d3bd0fecfa34f10ad2646619fc6
SHA512

c6ca56cc08df0926d0f76e7a787696330e03af429d70559c22ca47f18154b6add5daea04d65eebe9b8a60092024522b809d85adb135c3ef2efd7a22b29871993
SSDEEP

1536:ilQ95PnrjMTeTUPHcvebQkN3iHOJ1JEj7J+6j5/EySin9sDkagUhZ6WxE5QArCgt:zrvMCw5fgJ+O5/NSinUKWNezM0gUl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
513bc7dccb71e29a7ddb7c16fdcbe322

Files

513bc7dccb71e29a7ddb7c16fdcbe322
.exe windows:4 windows x86 arch:x86

c3520f4c0cbcd238ff82aecc04011ead

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIFileInfo

shell32

ShellExecuteExW

activeds

FreeADsMem

user32

SetTimer
RedrawWindow
RegisterClipboardFormatW
GetSysColor
WinHelpW
GetDesktopWindow
DrawFocusRect
GetWindowLongW
UnhookWindowsHookEx
FillRect
CallNextHookEx
CreatePopupMenu
CopyRect
InvalidateRect
LoadBitmapW
SendMessageW
KillTimer
LoadIconW
GetParent
DestroyIcon
SetWindowsHookExW
LoadStringW
PostMessageW
AppendMenuW
EnableWindow
PostThreadMessageW
SetWindowLongW

ntmsapi

EjectDiskFromSADriveW

msvcrt

swscanf
wcsstr
_adjust_fdiv
__CxxFrameHandler
exit
_initterm
setlocale
_beginthread
wcsrchr
wcscmp
_except_handler3
wcscpy
_beep
_chdir
wcstoul
_purecall
iswdigit
_wtol
wcslen
free
swprintf

kernel32

QueryPerformanceCounter
GetProcessHeap
lstrcmpW
GetComputerNameW
GetModuleHandleW
GlobalFree
lstrlenW
HeapAlloc
GetCurrentProcess
LoadLibraryW
WaitForSingleObject
SetLastError
GetCurrentProcessId
GlobalAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetVersion
VirtualAlloc
GetModuleFileNameW
InitializeCriticalSection
FreeLibrary
LocalAlloc
CreateEventW
GetFileAttributesW
GlobalLock
GetProcAddress
GetModuleHandleA
lstrcpyW
InterlockedExchange
Sleep
EnterCriticalSection
LoadLibraryA
lstrcpynW
LoadLibraryExW
GetTickCount
SetEvent
DeleteCriticalSection
ResumeThread
GetLastError
SetUnhandledExceptionFilter
GetWindowsDirectoryW
TerminateProcess
GlobalUnlock
CloseHandle
UnhandledExceptionFilter
LocalFree
IsBadReadPtr
LeaveCriticalSection

ole32

ReleaseStgMedium
CoTaskMemAlloc
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance

gdi32

GetBkColor
ExtTextOutW
CreateHatchBrush
DeleteObject

dmutil

ShowMessage

Sections

.textbss
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3520f4c0cbcd238ff82aecc04011ead

Headers

File Characteristics

Imports

avifil32

shell32

activeds

user32

ntmsapi

msvcrt

kernel32

ole32

gdi32

dmutil

Sections

.textbss Size: - Virtual size: 496KB

.idata Size: 3KB - Virtual size: 3KB

.text Size: 512B - Virtual size: 504B

.rsrc Size: 121KB - Virtual size: 120KB

.textbss
Size: - Virtual size: 496KB

.idata
Size: 3KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 504B

.rsrc
Size: 121KB - Virtual size: 120KB