Static task
static1
Behavioral task
behavioral1
Sample
52c6987a17509ad3933f92b30238802b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
52c6987a17509ad3933f92b30238802b.exe
Resource
win10v2004-20231222-en
General
-
Target
52c6987a17509ad3933f92b30238802b
-
Size
139KB
-
MD5
52c6987a17509ad3933f92b30238802b
-
SHA1
464d22012127cb57077323e424e2dceac36ca361
-
SHA256
f85b9bd549ab54c49d85fe2b893b254878b7de3c6c940e9cb3a3903ecb7bccbf
-
SHA512
37c4ce0ca1a207b162ba5e8ee028d6b819d9ae5d854b836dde8b8d6efcd389fcd68d9d8419da66f4430176f7e47020f429c475b235b7733a00ed14aba1db8530
-
SSDEEP
3072:v7SRsyneoxjjy6Oizp8GY6TKjzUy97790ejYh8bCGO5:qeohBDpxY6TU/977
Malware Config
Signatures
-
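Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. This check fired for the resource listed below: the file carries no signature, so its publisher and integrity cannot be verified from the file itself.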
resource 52c6987a17509ad3933f92b30238802b
Files
-
52c6987a17509ad3933f92b30238802b.exe windows:5 windows x86 arch:x86
e9aad962e35d47465ac538f1bfbba646
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
lstrcmpiA
ExpandEnvironmentStringsA
GetStartupInfoA
SetFilePointer
GlobalFree
GetModuleHandleA
GetEnvironmentStrings
VirtualProtect
CreateProcessW
IsBadReadPtr
msvcrt
floor
strtok
exit
__set_app_type
_wtol
_except_handler3
strerror
_setmode
_acmdln
qsort
__p__fmode
strcat
__p__commode
__getmainargs
_adjust_fdiv
__dllonexit
_initterm
strcspn
__setusermatherr
_XcptFilter
remove
log
memchr
user32
CreatePopupMenu
GetCursorPos
CreateWindowExA
DrawIconEx
DialogBoxParamA
GetWindowTextA
InflateRect
ShowOwnedPopups
CallWindowProcA
GetMenuStringA
gdi32
UnrealizeObject
CreateBrushIndirect
StartDocA
SetWindowOrgEx
Polyline
CreateFontIndirectA
LineTo
version
VerFindFileW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerLanguageNameA
comctl32
ImageList_ReplaceIcon
ImageList_DragLeave
ImageList_Add
ImageList_SetDragCursorImage
ImageList_Remove
ImageList_Destroy
ImageList_AddMasked
ImageList_Read
ImageList_Write
advapi32
RegSetValueExA
CryptDestroyHash
AdjustTokenPrivileges
DeleteService
RegOpenKeyW
OpenThreadToken
LookupPrivilegeValueA
RegQueryValueExW
IsValidSid
AddAccessAllowedAce
oleaut32
SysReAllocStringLen
SysAllocStringLen
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
SafeArrayGetElement
GetActiveObject
VariantClear
SafeArrayRedim
ole32
OleDraw
CoSetProxyBlanket
OleFlushClipboard
CoGetMalloc
CoLoadLibrary
IIDFromString
CoRevokeClassObject
CoDisconnectObject
OleInitialize
shell32
SHGetPathFromIDListW
SHGetPathFromIDListA
DragQueryFile
ExtractIconExA
ShellExecuteEx
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE