644ecb725b5b788d27f8ad2c6b640d15

Sharing

Copy URL Twitter E-mail

General

Target

644ecb725b5b788d27f8ad2c6b640d15
Size

100KB
MD5

644ecb725b5b788d27f8ad2c6b640d15
SHA1

314a63a6596b97a6bba1a82a00c515cbd42a0e90
SHA256

75f34a715726a80b45a0deab8812a969e2f6531e381ba3c6a4dde4fc75bc0a16
SHA512

b8ba74bdfb28d9b45131addfcadabc305a196cc8f145daef001a515bfe495c041f073650e6ac6a71ce21facb4b166f754bee8cb92ba1f392f6160962fb8f321d
SSDEEP

3072:l1E7d4V74+LHEbb8urJoSacG5EGAFyKvtot8:fid4V7bwUECS85gtum

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
644ecb725b5b788d27f8ad2c6b640d15

Files

644ecb725b5b788d27f8ad2c6b640d15
.exe windows:5 windows x86 arch:x86

d7b0b65a84d9ca60ba8eece34a843114

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

advapi32

RegCreateKeyExW
RegEnumValueW
RegQueryValueExA
EqualSid
RegCreateKeyW
InitializeAcl

kernel32

ProcessIdToSessionId
GetShortPathNameW
GetConsoleMode
RtlUnwind
GetCurrentDirectoryW
HeapSize
GetTimeFormatA
GetCurrentProcessId
GetCPInfo
ReadFile
GetStartupInfoW
HeapDestroy
GetProcessHeap
GetTempFileNameA
GetModuleFileNameA
HeapCreate
VirtualAlloc
IsBadReadPtr
lstrcpynW
GlobalAlloc
CompareStringW
GetFileTime
HeapFree
ExitProcess
LoadResource
lstrlenA
CreateMutexW
SearchPathW
CopyFileA
GetLastError

comctl32

ImageList_Draw

gdi32

GetViewportOrgEx
PolylineTo
CreateDIBSection
CreateFontIndirectW
GetEnhMetaFileBits
Pie
CopyMetaFileW
SelectClipRgn
ExtTextOutA
CreatePen
PtVisible
GetObjectW
Arc
GetCurrentObject
GetBkMode
SetStretchBltMode
CloseMetaFile
GetPaletteEntries
Polyline
OffsetViewportOrgEx
GetTextColor
ExtFloodFill
GetEnhMetaFileHeader
SetPixelV
SetMapMode
ExcludeClipRect
TextOutA
Escape
DeleteMetaFile
CreateBrushIndirect
StretchDIBits
ScaleWindowExtEx
GetRgnBox
CreatePalette
GetTextExtentPoint32W
GetWinMetaFileBits
LineTo
GetTextCharsetInfo
SetPixel
SetWindowOrgEx
SelectPalette

msvcrt

strncat
fputs
fflush
wcscat
_itow
_ltow
strerror
_unlock
fwrite
_lock
__setusermatherr
_wfsopen
_close
strcmp
iswctype

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 35KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7b0b65a84d9ca60ba8eece34a843114

Headers

File Characteristics

Imports

version

advapi32

kernel32

comctl32

gdi32

msvcrt

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 35KB - Virtual size: 80KB

.idata Size: 10KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 35KB - Virtual size: 80KB

.idata
Size: 10KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 19KB