72ed655bf5ea08a453c903f65e8d4555

Sharing

Copy URL

Twitter E-mail

General

Target

72ed655bf5ea08a453c903f65e8d4555
Size

97KB
MD5

72ed655bf5ea08a453c903f65e8d4555
SHA1

a74af7cb0e4c992073ca529728a8f619586260c0
SHA256

3ea3a671287a6b16be9482849fc6635e9cb6f71935a23fc1ccd95f3d9ca43f7f
SHA512

5eb94a403288f58c3b8e66c3edac9d01415f83f799ab16ca56fafc46a6aca4ef98086724eb30868f65ab9691a4e7049008cdecb657ffef7eb488c9e6f7aafa8d
SSDEEP

1536:wohkubbenDPQSCif5TQdd2vCM2Fd/wWrEcL1rdJW4QC9:3kkanLQRifpC28hwqtQO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72ed655bf5ea08a453c903f65e8d4555

Files

72ed655bf5ea08a453c903f65e8d4555
.exe windows:4 windows x86 arch:x86

9d5913c5a390e662ff4d9067c32dd34f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust

setupapi

SetupIterateCabinetW

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps
CreateDCW
CreateDIBSection
RemoveFontResourceW
CreateICW
CreatePatternBrush
CreateDIBPatternBrush
ExtCreateRegion
AddFontResourceA
GetEnhMetaFileW
TranslateCharsetInfo
CreateColorSpaceW

crypt32

CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CryptDecodeObject
CertVerifyCertificateChainPolicy
CryptUnprotectData
CryptMsgGetParam
CryptMsgClose
CryptHashPublicKeyInfo
CertFreeCertificateChain
CryptMsgGetAndVerifySigner
CertGetCertificateChain

oleaut32

CreateErrorInfo
VariantCopy
VariantInit
VarBstrCmp
SafeArrayPutElement
VarUI4FromStr
VariantTimeToSystemTime
SysAllocString
SysStringByteLen
SysFreeString
SafeArrayDestroy
SystemTimeToVariantTime
VariantClear
SafeArrayCreate
SysAllocStringByteLen
SetErrorInfo
LoadTypeLi
DispGetParam
LoadRegTypeLi
SysStringLen
GetErrorInfo
SysAllocStringLen

shlwapi

PathRemoveBackslashW
PathStripToRootW
PathAddBackslashW
PathCommonPrefixW
PathRemoveBlanksW
PathAppendW
PathIsSameRootW
PathCanonicalizeW
PathIsRootW
PathCombineW
PathRemoveFileSpecW

cabinet

ord23
ord20
ord22
ord21

kernel32

GetPrivateProfileStringW
OutputDebugStringW
DuplicateHandle
MapViewOfFile
FileTimeToSystemTime
MulDiv
GetProcessHeap
LoadResource
CreateThread
EnterCriticalSection
GetCommandLineW
OpenProcess
LeaveCriticalSection
CopyFileW
SetLastError
LoadLibraryExW
GetSystemWindowsDirectoryW
Process32FirstW
FindClose
GetStdHandle
LockResource
GetDriveTypeW
GetFileInformationByHandle
TlsAlloc
GetUserDefaultLCID
LCMapStringW
SetEnvironmentVariableW
FindResourceW
LocalFree
FindNextFileW
GetShortPathNameW
CreateFileW
TlsGetValue
ExpandEnvironmentStringsW
SetStdHandle
SetEndOfFile
GetConsoleMode
FindFirstFileW
GetSystemInfo
Module32FirstW
GetSystemDirectoryW
CloseHandle
UnmapViewOfFile
SetHandleCount
ReleaseMutex
GetFileAttributesExW
GetACP
GetWindowsDirectoryW
HeapDestroy
GetModuleHandleW
SizeofResource
FindResourceExW
lstrcmpA
lstrlenA
GetFileType
GetLocalTime
ExitThread
OpenMutexW
DeleteCriticalSection
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
SetEnvironmentVariableA
GetFileSizeEx
GetDiskFreeSpaceExW
RaiseException
WriteFile
WaitForMultipleObjects
GetCommandLineA
WaitForSingleObject
lstrcmpW
CreateToolhelp32Snapshot
FreeEnvironmentStringsW
WideCharToMultiByte
CreateEventW
HeapFree
GetTempFileNameW
GetOEMCP
RemoveDirectoryW
IsProcessorFeaturePresent
FindFirstFileExW
GetConsoleCP
CreateMutexW
GetTimeZoneInformation
FormatMessageW
FlushFileBuffers
GetCurrentDirectoryW
IsDebuggerPresent
GetFileSize
InitializeCriticalSectionAndSpinCount
EnumUILanguagesW
ReadFile
SetUnhandledExceptionFilter
IsValidLocale
TlsSetValue
HeapReAlloc
Process32NextW
CreateProcessW
RtlUnwind
ResumeThread
TlsFree
lstrcmpiW
IsValidCodePage
GetFullPathNameW
FreeLibrary
DeleteFileW
PeekNamedPipe
SetFilePointer
CompareStringW
UnhandledExceptionFilter
CreateFileMappingW
GetDiskFreeSpaceW
SetCurrentDirectoryW
HeapSize
lstrlenW
ResetEvent
EnumSystemLocalesA
LocalAlloc
CreateDirectoryW
GetTempPathW
GetPrivateProfileSectionW
GetSystemTime
IsWow64Process
WriteConsoleW
HeapCreate
VirtualAlloc

shell32

CommandLineToArgvW
SHGetFolderPathW

user32

ReleaseDC
GetSystemMetrics
TranslateMessage
CharNextW
PeekMessageW
MessageBoxW
MsgWaitForMultipleObjects
CharPrevW
GetDC
SystemParametersInfoW
DispatchMessageW

ole32

CLSIDFromProgID
CoInitializeEx
CoTaskMemRealloc
CoCreateInstance
OleRun
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
StringFromGUID2
CLSIDFromString
CoInitialize

advapi32

RegQueryValueExW
OpenServiceW
CloseServiceHandle
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
QueryServiceConfigW
RegCloseKey
OpenSCManagerW
RegEnumKeyExW
LsaQueryInformationPolicy
RegOpenKeyExW
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegEnumValueW
LsaClose
LsaFreeMemory
LsaOpenPolicy
QueryServiceStatus

psapi

GetModuleBaseNameW

kbdbene

KbdLayerDescriptor

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d5913c5a390e662ff4d9067c32dd34f

Headers

File Characteristics

Imports

version

wintrust

setupapi

gdi32

crypt32

oleaut32

shlwapi

cabinet

kernel32

shell32

user32

ole32

advapi32

psapi

kbdbene

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 242KB - Virtual size: 1.2MB

.rsrc Size: 13KB - Virtual size: 67KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 242KB - Virtual size: 1.2MB

.rsrc
Size: 13KB - Virtual size: 67KB