5acf38197e0dcdb3ebbffea9c981b2a2

Sharing

Copy URL

Twitter E-mail

General

Target

5acf38197e0dcdb3ebbffea9c981b2a2
Size

164KB
MD5

5acf38197e0dcdb3ebbffea9c981b2a2
SHA1

301384c588916f4508aa186dd51d5b65bd931740
SHA256

e872bb43769746dad9033c412587b07d0c7cb194487afaafceddc4db5880cbb9
SHA512

dc1dbc4da344c4ffa5033cbfc8ce42743fd089d634a92e22679e8642f8d3dcd60717d87b6ad93a717ea8da38cb337aee39d1f9dedc40b9f5e25cb9d68c6939e9
SSDEEP

3072:RxhZx6aNAf7q3jl/CCSyP3jHUnzyF0/PHK2hB5Pr9hTG0Kyf:RZgaNAjqztCCP/jHCyFCvhBh9hTG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5acf38197e0dcdb3ebbffea9c981b2a2

Files

5acf38197e0dcdb3ebbffea9c981b2a2
.exe windows:4 windows x86 arch:x86

c7d7debc6ef9a5f1ebdd40c5a6a048aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

PatBlt
StretchBlt
BitBlt
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SetStretchBltMode
CreateDIBSection
SelectObject
GetStockObject
DeleteDC
CreateDCA
SetDIBits

user32

EqualRect
ReleaseDC
GetDC
CopyRect
PeekMessageA
RegisterClassA
PostMessageA
TranslateMessage
SendMessageA
EnableWindow
FillRect
InflateRect
SetParent
IsWindow
DispatchMessageA
GetDesktopWindow
SetRect
BringWindowToTop
DefWindowProcA
AttachThreadInput
InvalidateRect
wsprintfA
GetClientRect
UnregisterClassA

ole32

CoUninitialize
CoFreeUnusedLibraries
StringFromGUID2
StgOpenStorage
CoInitialize
GetRunningObjectTable
CoTaskMemAlloc
CoSetProxyBlanket
StgCreateDocfile
CreateItemMoniker
CoCreateInstance
CoTaskMemFree

shell32

SHGetSpecialFolderPathA

kernel32

GetSystemTime
GetFileSize
GlobalUnlock
LocalFree
GetTickCount
WaitForMultipleObjectsEx
ReadFile
CreateDirectoryA
LocalAlloc
CreateFileW
GetProcessId
GetTempFileNameA
DisableThreadLibraryCalls
CopyFileA
MultiByteToWideChar
CreateFileA
ReleaseMutex
GlobalFree
GetModuleFileNameA
CreateMutexA
InterlockedDecrement
GetVolumeInformationA
InterlockedIncrement
Sleep
CloseHandle
WideCharToMultiByte
GetVersionExA
GetTempPathA
EnumResourceTypesW
WaitForSingleObject
GetCurrentProcessId
GetFileAttributesA
GetCurrentThreadId
ExitProcess
DeleteFileA
VirtualFree
lstrlenA
GetModuleFileNameW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GlobalLock
DeleteCriticalSection
VirtualAlloc
GetLastError
InitializeCriticalSection
DeviceIoControl
SetFileAttributesA
SetFilePointer
FreeLibrary

avifil32

AVISaveOptions
AVIMakeCompressedStream

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueA
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7d7debc6ef9a5f1ebdd40c5a6a048aa

Headers

File Characteristics

Imports

gdi32

user32

ole32

shell32

kernel32

avifil32

shlwapi

advapi32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 65KB - Virtual size: 65KB

.tls Size: 1024B - Virtual size: 100KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 65KB - Virtual size: 65KB

.tls
Size: 1024B - Virtual size: 100KB