564dde7f9e2479757b02b951a154fec3

Sharing

Copy URL

Twitter E-mail

General

Target

564dde7f9e2479757b02b951a154fec3
Size

59KB
MD5

564dde7f9e2479757b02b951a154fec3
SHA1

1f19a4c7c1d8f65e85607ba06d8130517bf87197
SHA256

6bae58a804b62788ea7d0d651e38e51f8a2b48b0dd017366026f276491b9b0c5
SHA512

26d717d79adaae8c32eef73ad7364e88e5fc0fe2e5c949df6de9e24b71336756a8733347369259582be95845ff6ac3c15410e3e7787f2df6dd7e9ea4f84ed0b9
SSDEEP

1536:AXMMMbR1Zkey9ARTWgxaXHKU8Ji5yzfLhQL7XiFLCu2GU4mEYX:AXMMM1v3PRZ4XP+SKl6GFL92FX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
564dde7f9e2479757b02b951a154fec3

Files

564dde7f9e2479757b02b951a154fec3
.exe windows:4 windows x86 arch:x86

25d4a444137a9229bf42ff5c19193198

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
WriteFile
CopyFileA
ReadConsoleA
DeleteFileW
DeleteFileA
CopyFileW
CopyFileExW
CopyFileExA
GetFileTime
GetFileSize
CreateThread
CreateProcessA
GetLastError
GetCommandLineA
OpenFileMappingA
ReadFile
GetComputerNameA
DeleteAtom
SetLastError
CreateDirectoryA
OpenFile
FindFirstFileA
FindAtomA

advapi32

RegOpenKeyA
RegReplaceKeyA
RegQueryValueW
RegDeleteKeyA
RegEnumKeyExW
RegReplaceKeyW
RegOpenKeyExA
RegEnumValueW
RegCreateKeyW
RegQueryValueA
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegLoadKeyW
RegDeleteKeyW
RegEnumKeyA
RegFlushKey
RegGetKeySecurity
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExA
RegEnumKeyW
RegDeleteValueA
RegLoadKeyA

gdi32

CloseMetaFile
ExcludeClipRect
AddFontResourceW
CloseFigure
DeleteObject
SetTextColor
GetBitmapBits
AddFontResourceExW
DeleteDC
CancelDC
CreateSolidBrush
BeginPath
ClearBitmapAttributes
GetBrushOrgEx
ClearBrushAttributes
AddFontMemResourceEx
AddFontResourceA

user32

DialogBoxParamA
InsertMenuA
BlockInput
DrawIconEx
IsMenu
GetWindowTextA
AppendMenuA
CopyImage
CopyIcon
IsWindow
DrawTextW
AlignRects
GetCursor
AppendMenuW
EndDialog
LoadCursorA
CloseWindow
GetFocus

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageInfo
ImageList_DragMove
ImageList_DragEnter
ImageList_GetIcon
ImageList_Draw
ImageList_EndDrag
ImageList_LoadImageW
ImageList_AddIcon
ImageList_GetIconSize
ImageList_LoadImage
ImageList_DrawEx
ImageList_DragLeave
ImageList_Create
ImageList_Merge
ImageList_Replace

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 287B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 453B

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25d4a444137a9229bf42ff5c19193198

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

comctl32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 50KB - Virtual size: 149KB

.rsrc Size: 512B - Virtual size: 287B

.reloc Size: - Virtual size: 453B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 50KB - Virtual size: 149KB

.rsrc
Size: 512B - Virtual size: 287B

.reloc
Size: - Virtual size: 453B