621574a35dc021fb66fb0679e9c91611

Sharing

Copy URL

Twitter E-mail

General

Target

621574a35dc021fb66fb0679e9c91611
Size

100KB
MD5

621574a35dc021fb66fb0679e9c91611
SHA1

3dd4dc8193526508c113fe4b73be518a7029e4cf
SHA256

c6ff38049b4720da1dbb411dc6162a588bd473bad12a75869b1f52e43fbb278c
SHA512

e27ca5aeb6debd9d72d6e8e661e55f56e566c00c0d0677ac62931f3373c97a87c9356c5eba43fe06ce6f47207fcab1a314d047f02c1f2094afc0ef571f5f28c5
SSDEEP

3072:sGoHl1Cr3bSsHEIxLzkk3greqzSbXm8jbxDhh81:poF1Cr3bSsHEIxL5g1eLmIdf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
621574a35dc021fb66fb0679e9c91611

Files

621574a35dc021fb66fb0679e9c91611
.exe windows:5 windows x86 arch:x86

dbeea143f4240033f3f5daf3fd5ee125

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHBrowseForFolderA
DragQueryFileW
SHGetDesktopFolder
CommandLineToArgvW
SHGetSpecialFolderLocation
SHChangeNotify
DragQueryFileA

ole32

ReleaseStgMedium
CoSetProxyBlanket
CoRevokeClassObject
GetHGlobalFromStream
CoRevertToSelf
StgCreateDocfile
StgOpenStorage
GetRunningObjectTable
CLSIDFromString
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoGetClassObject
CoInitialize
CreateStreamOnHGlobal
CoInitializeSecurity
CreateBindCtx
StringFromCLSID
OleUninitialize
CoCreateGuid
CoInitializeEx
CoImpersonateClient
StringFromGUID2
CoGetInterfaceAndReleaseStream
CreateOleAdviseHolder
CoFreeUnusedLibraries
CoGetContextToken
CreateDataAdviseHolder
CoTaskMemAlloc
CLSIDFromProgID
IIDFromString
CoGetObjectContext
StgCreateDocfileOnILockBytes

msvcrt

sprintf
_ftol
__setusermatherr
strncmp
__p__commode
iswctype
_itoa
memcpy
wcstoul
setlocale
time
wcsrchr
fread
_controlfp
strstr
??1type_info@@UAE@XZ
__wgetmainargs
printf
strchr
_CxxThrowException
wcscat
__p__fmode
??2@YAPAXI@Z
__set_app_type
__dllonexit
_wcsnicmp
_wcsupr
isxdigit
_initterm
wcstol

oleaut32

SysReAllocStringLen
SafeArrayGetLBound
OleLoadPicture
GetActiveObject
VariantCopyInd
SafeArrayCreate
SafeArrayAccessData
VariantChangeTypeEx
SysStringLen
SafeArrayPutElement
CreateErrorInfo
VariantClear
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetElement
VariantInit
SafeArrayPtrOfIndex
VariantCopy
LoadTypeLib
SafeArrayGetUBound
SysFreeString
GetErrorInfo
RegisterTypeLib
VariantChangeType

rpcrt4

NdrClientCall2
RpcBindingFree
CStdStubBuffer_Disconnect
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
RpcEpResolveBinding
CStdStubBuffer_AddRef
UuidToStringA
RpcBindingSetAuthInfoW
CStdStubBuffer_Invoke
NdrServerCall2
RpcServerUseProtseqEpW
RpcStringFreeW
NdrStubForwardingFunction
UuidCreate
CStdStubBuffer_IsIIDSupported
RpcStringBindingComposeW
NdrStubCall2
RpcRaiseException
UuidFromStringW
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
RpcStringFreeA
NdrOleAllocate
NdrCStdStubBuffer_Release
RpcBindingToStringBindingW
RpcBindingFromStringBindingW
UuidToStringW

user32

GetActiveWindow
GetSysColor
LoadIconA
CharNextA
InvalidateRect
IsWindow
LoadImageW
ReleaseDC
GetMenu
GetSysColorBrush
ChangeMenuW
GetWindowPlacement
GetWindowDC
EnableWindow
GetSystemMenu
GetSystemMetrics
UnhookWindowsHookEx
GetWindow
RedrawWindow
ReleaseCapture
MsgWaitForMultipleObjects
BeginPaint
GetMessageA
IsChild
CheckMenuItem
CreateWindowExW
GetCursorPos
GetWindowTextA
GetSubMenu
GetDlgItemTextA
RegisterClassExA

kernel32

GetThreadLocale
GetLocaleInfoW
GetCPInfo
GetCommandLineW
VirtualAlloc
ExitProcess
CreateFileMappingA
GetProcessHeap
DeviceIoControl
ResetEvent
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
lstrcatA
IsBadReadPtr
GetFullPathNameW
GetCommandLineA
LoadLibraryA
GetSystemDirectoryW
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
LocalAlloc
GetConsoleMode
CloseHandle
GetACP
WriteConsoleW
lstrcpynW
OutputDebugStringW
GetCurrentThread
GetOEMCP
GetCurrentProcessId
GetModuleHandleW
GetUserDefaultLCID
TerminateProcess
FindNextFileA
GetStdHandle
CreateMutexW
SetStdHandle
Sleep
GetVersionExW
TlsAlloc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 47KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbeea143f4240033f3f5daf3fd5ee125

Headers

File Characteristics

Imports

shell32

ole32

msvcrt

oleaut32

rpcrt4

user32

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 47KB - Virtual size: 106KB

.reloc Size: 512B - Virtual size: 483B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 47KB - Virtual size: 106KB

.reloc
Size: 512B - Virtual size: 483B