7790622afe67de2a54c7e47549a78e2c

Sharing

Copy URL

Twitter E-mail

General

Target

7790622afe67de2a54c7e47549a78e2c
Size

6.4MB
MD5

7790622afe67de2a54c7e47549a78e2c
SHA1

a81ea500bfe91d3405f320e04502a912864cf7bd
SHA256

a853424a451ceed0148add9086ff5e8b4e983864702f797f9915bd09cb82c818
SHA512

12ce28a3829fbe931a57d262125ea7d25471b6c8665418bcd032190e0162e4051608cb1485e8b67ec7101544272ff4f53715b5c65ab44c5e24e114d18d496963
SSDEEP

98304:ECtBJlt5CrBHZhTsdeHND1uae17It3mrjFc0jmk0q41ldJdaSJdPHFsOM:ECDDaFhHNLeNIejjMn13FsOM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7790622afe67de2a54c7e47549a78e2c

Files

7790622afe67de2a54c7e47549a78e2c
.exe windows:6 windows x86 arch:x86

e81e114fb61be8f06f8fd77fac33e01a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
GetModuleFileNameW
LocalFree
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowLongW
CharUpperBuffW

advapi32

CryptEncrypt

shell32

ShellExecuteW

imm32

ImmGetContext

xinput1_3

ord4

ws2_32

ntohl

crypt32

CertOpenStore

wldap32

ord200

normaliz

IdnToAscii

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

Exports

Exports

~q*V(;0��Á�wÔ9��;d�7~xWi=�H��e�{�l�T�7z� {8�p�8��y �ˠਔ�V��vzd@4�<cl�T��|nΡ�mQ�g��zl;۰�y��8UR h=��A��B�X T�� Cbh�4a r��ʈ�ޢn��H0J1��q��@��+�i��{|�ʶX/�� D=��X c�� &G/�w��Ǿq��)xR��9Ew��_�A#��JP�$(�@��}�d�2P�e�out�Y�$�d��rB��\!+��7�u�T��~9�ݾ�4�Py˚��>m��RYCa��x� �-�\T]K�',�S��CV�&\[#=��@��Z�.bԝ�8h�N7��3��^�<��t��۞��n��,�zmp�-��:��°�r�v$��3`�� 8�_u��<��^�ؾwB8s�O��2��h��]P~S�A�MS�dȪ��"�dl��F=H�K��-S��:�w�@I��̍��L)�1>�O]ER��[a�]9��{{γ$|��E��ܾ��ˣ�5�h1��B$��kUBt�|��]i��+]u� ��+��8[<�FD��E^�SJ��@E��y;�s��v��2<�(D"�,$��<y��G�*8�a��&��/%R��v��_�qWЃ�9�T�xgmY��/V�BRK�a2�B��O�WEWnP� *��GҠ k� Yo�=��7�s�N�(�T��"��/�v��lke,:�Zz=qg��'y-��c��p�ݢek)��u��s�q��7ݗ2cv�b��"��qq�lz=E3-��h��a9ѿR�1H�4O��2��sbc�j��<xv��D/�GyHY�{x��h��pJ��<T��GFӬk,�C��ŊO��N��}^�� O�K��_`i"k�>��v�SS��^l��w�a ܬ�"6��:�3�:� sW��;��m��|s $z��z�J�*.�\��e�)M ��g��l��f`�ޢ)7;]��Y�ʥ�}��2yy��B�X�Мo�gF��4s!l2(�ܛ��6r��B��[)�"l�[�ήY��<�q_-흢�qO�� 7��>��!��|/�1|�Ͻ��IO��d�B^�Z�`ei�l��"��.��h{iB�#��(9��t�<��,+�F؛�C�W׀��J� ��Kb��*��a�)�v�ޕR�2iC�a��@��$M|\w'�%��SeC��PENqy2i�Q6 <��d��a*]��~V�gH�Kk�ѣ+>6�0�y5B/�ݏ��J��[U�."��s\��LH�2��m�O{RU@8wܴ�Y��o��`�b�μ.��ᣖ��=��p4*��y� � �8��ی��nȝMp�9vky�HvV׋(<`�=~�[�T�9�� XG:�oں�)o��z͇[R��D��cY:��l��ɮ|i�Б$��ft�O�ۂ��)R6��BH��-d�# h��X�A�>"un 4-Ƞ�JU�Q�2m�A�wG��'�]�=��da%�u5Q��M�V %�\/(��R��z< ]ʹ�@�)1"a�M�L"})>��i/�=T �� e��#>��N5�v� cPA��.�w�Hҷ��u+��mk�v_T~�:��Jܻ�g�x�m��[��"<X_��,�$+�AB;Z��n�C��Ԙ�r O3hF��1��]'�ȷ}Em�{�bF'g�o�.��*��K�&xBͧ� p�e7��~�;��p��lR�8):�W�P#��)�.�"9y�mxaqH�a�:�<�.��me��'��ޙd�0� �8�C��k%�h�uĕ��*�;�K��i⣸�� xD��c�i��9�(j�� }� E�2�(�?s�H��j�1�� C? l�սC^��دTX�'F�O*T�[�l�r�Ԓ��T�O��`:�|��t��4-��9��駽��b�;jR�4\ͭ��[l�L;Q��Q�5��z��k C}s��""��c�ᗓ��o��9�s�2��侢��E��gj�c� h��t��|# M��HT=(��}�㦧��) ��K��c;Ӏ٦e�4��B̽ʁ~-g�X�;�8m1k[��C��c�Z��$�'�[��|��XRf�0%�L �uZ.]��K�r0!�7�Rѵ��4ԩ�K]e��_��J��d㊲�O�,�FV[V �.��*j�R��l�e�T��[�D��Ɛ;��DHጪ�S|c��O�%Zr��X_��#��9}oL��"�e��H�� X��ȀȾ��67d��h�0��iO��6[��ˍR��E�q��К8c��t�^��qG|��>�� ǒf�]�ڷ�sY�vlR�[��4e��.Q�~��dy��`�S� ��4��mI^��)��!��J)�zj��3h�Oe�B��F��1�Qƫ25�&�~k�<��mƉ��Mkr}�j W�l�4�x}^�d�֜��e�s)�� .�� ;Ѽ��/�}:�т��F;�ˬD��m=VNÔ�imw�J�Kc�m�fZ��$E��{�5Q��+��3��S��}�4F�N$P��w��h{�2M��d��وɎ��՜�:��Vu��&��Y[��szsV�Ω��23�9ɵ�U��I]�V�3]~�R��'��Qշ��j��A#h��??C��K��E�u�G�*R��Ufv�@��o<!��3&^6k�8�PN]i �充��2/��h~$b*T��L��od88?m�0��z�#0'ǆ'$e�Q�ſ�v�q:s�� w"!

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yiO0
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.yiO1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e81e114fb61be8f06f8fd77fac33e01a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

imm32

xinput1_3

ws2_32

crypt32

wldap32

normaliz

d3d9

d3dx9_43

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 649KB - Virtual size: 648KB

.data Size: 10KB - Virtual size: 16KB

.yiO0 Size: 2.5MB - Virtual size: 2.5MB

.yiO1 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 51KB - Virtual size: 50KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 649KB - Virtual size: 648KB

.data
Size: 10KB - Virtual size: 16KB

.yiO0
Size: 2.5MB - Virtual size: 2.5MB

.yiO1
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 6KB - Virtual size: 5KB