59f6018ed21c14aa6593fed2e1a7ed8e

Sharing

Copy URL Twitter E-mail

General

Target

59f6018ed21c14aa6593fed2e1a7ed8e
Size

904KB
MD5

59f6018ed21c14aa6593fed2e1a7ed8e
SHA1

99a8695066a3b7612f10a179189f7050cd5c43a2
SHA256

e6ec146330011d542d832078560bd11bd6adaef03a024d6f4c2b88d016040931
SHA512

87f66b1f5a26c8f5f62bb0e281d8c1cdec2ce01bfc8068e34811a792404566fbe6e758acbc653a37e8fdc563430d4f07751859a7fa081f6685c7fdc4a954e7b1
SSDEEP

12288:+V0s703WMp4StQOl59a4bz2KUnZ8/CiwZEJC5AuINfoC8lbNv0MglNUuU5oOqsNV:+es7jMdtQCDa4bCBuHs5AuGM8UTHhv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59f6018ed21c14aa6593fed2e1a7ed8e

Files

59f6018ed21c14aa6593fed2e1a7ed8e
.exe windows:4 windows x86 arch:x86

c9a2ba581bf62a7bc6b37b5dd24602ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathCombineA

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetTempPathA
MultiByteToWideChar
GetTempFileNameA
GetStringTypeW
VirtualProtect
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
LoadLibraryA
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetStringTypeA
HeapFree
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
IsBadWritePtr
ExitProcess
RtlUnwind
GetLastError
CreateDirectoryA
GetSystemInfo
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
VirtualQuery
CloseHandle
WriteFile
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

SetWindowTextA
GetClientRect
GetMessageW
DispatchMessageA
TranslateMessage
MessageBoxA
RegisterClassExW
CreateWindowExW
UnregisterClassW
LoadCursorA
ShowWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
SystemParametersInfoA

gdi32

GetStockObject

shell32

ShellExecuteExA

ole32

CoGetClassObject
CoInitialize
OleSetContainedObject

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.brand
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c9a2ba581bf62a7bc6b37b5dd24602ce

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 25KB

.brand Size: 824KB - Virtual size: 824KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 25KB

.brand
Size: 824KB - Virtual size: 824KB