7d1c4d8d7ac347599a2253b116d610dd

General

Target

7d1c4d8d7ac347599a2253b116d610dd
Size

87KB
MD5

7d1c4d8d7ac347599a2253b116d610dd
SHA1

6d6648094003a33e95cc8866d691d0183f22d8ea
SHA256

e87714213073eef5ff2fcff972a4184d6bf9e323b776944e3b0a5ed071c0b9e8
SHA512

fcb47115a82f3a8e2ad9c336a12c8e01651c25e254130073e1365a0ecfabad1fd09f147c0d411b1b8af61dae923431e2ad1e038ef0b41632331c2a19280b1a2e
SSDEEP

1536:L599eNS/dL8ym2qSm5gle6nJqUt4nA5tU/SUNkqlOag+wSL1TmaUOJDx13wybS75:AN2d4KqSmyle6JKjlkCUOJ9Nwy2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/brew-sgw2.exe

Files

7d1c4d8d7ac347599a2253b116d610dd
.zip
BReWErS.nfo
brew-sgw2.exe
.exe windows:4 windows x86 arch:x86

6f612ff9df75a349bf75e1e790da9199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
GetWindowsDirectoryA
lstrcatA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
CreateThread
SetThreadPriority
HeapAlloc
HeapCreate
HeapDestroy
Sleep
ReadFile
SetFilePointer

user32

DialogBoxParamA
SetTimer
LoadBitmapA
SendDlgItemMessageA
FindWindowA
EndDialog
GetWindowThreadProcessId
GetDlgItem
SendMessageA
RegisterHotKey
ReleaseCapture

gdi32

CreateFontA
SetBkMode
SetTextColor
SetBkColor
CreateSolidBrush
GetStockObject

winmm

waveOutClose
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

Sections

code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

data
Size: 9KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
www.MogelPower.de.url

Sharing

General

Malware Config

Signatures

Files

6f612ff9df75a349bf75e1e790da9199

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Sections

code Size: 8KB - Virtual size: 7KB

data Size: 9KB - Virtual size: 81KB

.rsrc Size: 436KB - Virtual size: 436KB

.idata Size: 2KB - Virtual size: 1KB

code
Size: 8KB - Virtual size: 7KB

data
Size: 9KB - Virtual size: 81KB

.rsrc
Size: 436KB - Virtual size: 436KB

.idata
Size: 2KB - Virtual size: 1KB