682f01027dc24837002a4adbe61ae119

Sharing

Copy URL Twitter E-mail

General

Target

682f01027dc24837002a4adbe61ae119
Size

84KB
MD5

682f01027dc24837002a4adbe61ae119
SHA1

1b6cf5c939a933d22cd1e15cf8b94ee62c2a824e
SHA256

41ca0f3c4b41d5b48d85029a3dd4ad344e2f3f18a8df8765c2eef3786297829e
SHA512

f963de585b3a3921e3cd87ee6e3e2225e21e3823f94e28982119dfc2cff669e9c80373129aa5c17e15ce6351334a969e9b55304ae913e8e38368dcbb7cd938c6
SSDEEP

1536:gg53ZqjgFa1203VB8Uyz01H5t24b+DtICBx1IQTZqT1b0dZ0:ggfla1203v7yz0ZNC9BIQTQT1I0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
682f01027dc24837002a4adbe61ae119

Files

682f01027dc24837002a4adbe61ae119
.exe windows:4 windows x86 arch:x86

cb63e2dc9ad598d97ab4e27dc4edbd96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCloseInfFile

kernel32

WideCharToMultiByte
GetModuleFileNameA
lstrlenA
CreateFileA
OutputDebugStringA
UnmapViewOfFile
HeapAlloc
GetFileType
HeapCreate
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetLastError
GetStartupInfoA
DeleteFileA
GetCurrentThreadId
FreeEnvironmentStringsW
InitializeCriticalSection
GetSystemInfo
HeapReAlloc
SetFilePointer
MapViewOfFile
IsDBCSLeadByte
SetThreadLocale
VirtualAlloc
SetCurrentDirectoryW
LCMapStringA
TlsSetValue
GetProcessHeap
GetEnvironmentStrings
LoadLibraryW
FormatMessageA
MultiByteToWideChar
WaitForMultipleObjects
LoadLibraryA
CloseHandle
Sleep
GetCommandLineA
TlsGetValue
SetEvent
VirtualQuery
SetLastError
GetStringTypeA
IsValidCodePage
SetFileAttributesA
GetLocaleInfoA
LCMapStringW
LeaveCriticalSection
CreateMutexA
lstrcpyA
GetUserDefaultLCID
RaiseException
InterlockedExchange
HeapDestroy
IsValidLocale
GetEnvironmentStringsW
GetStdHandle
GetProcAddress
lstrcpynA
HeapFree
ReleaseMutex
SetHandleCount
GetThreadLocale
GetLocaleInfoW
GetCurrentProcess
TlsFree
UnhandledExceptionFilter
CreateEventA
GetModuleHandleA
EnterCriticalSection
VirtualFree
GetCPInfo
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
VirtualProtect
TlsAlloc
GetOEMCP
GetWindowsDirectoryA
GetACP
DeleteCriticalSection
LocalAlloc
GetTickCount
FreeLibrary
WaitForSingleObject
TerminateProcess
SetStdHandle
GetCurrentDirectoryW
InterlockedIncrement
LocalFree
EnumSystemLocalesA
GetVersionExA
FreeEnvironmentStringsA
ExitProcess

user32

MessageBoxA

avifil32

AVIFileOpenW

ntdll

RtlUnwind

Sections

.textbss
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pxagpaw
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb63e2dc9ad598d97ab4e27dc4edbd96

Headers

File Characteristics

Imports

setupapi

kernel32

user32

avifil32

ntdll

Sections

.textbss Size: - Virtual size: 448KB

.rdata Size: 79KB - Virtual size: 78KB

.text Size: 512B - Virtual size: 512B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 28KB

pxagpaw Size: - Virtual size: 4KB

.textbss
Size: - Virtual size: 448KB

.rdata
Size: 79KB - Virtual size: 78KB

.text
Size: 512B - Virtual size: 512B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 28KB

pxagpaw
Size: - Virtual size: 4KB