7c609d7b581f7128394f89daad453ab2

Sharing

Copy URL Twitter E-mail

General

Target

7c609d7b581f7128394f89daad453ab2
Size

122KB
MD5

7c609d7b581f7128394f89daad453ab2
SHA1

26ea4763140decc287187b86ec9f384b5f62f264
SHA256

20a99bd636d86364447f241a86a0f6c792a7f578264ad5fec6d8daf41da5bdeb
SHA512

7a77188a7d13c6b10da2e00ed4796e5e502111b56fc8c9b16e8815d3a53691ab59d82cce8d523305d644eed71480b45578a99291f712b860700e1040fece314f
SSDEEP

3072:hqcF0wratFoLk4LMmt0VaU7oIJrWkDnqh:hqDIkeMaHQllq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c609d7b581f7128394f89daad453ab2

Files

7c609d7b581f7128394f89daad453ab2
.exe .ps1 windows:1 windows x86 arch:x86 polyglot

61cb2000dbd1581ba967c9bcb841b8d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_ungetch
_ungetwch
_mbsncoll
_clearfp
fseek
_wtempnam
_wfindfirsti64
_timezone
_wcsdup
_ismbcdigit
_adj_fdiv_m32i
_spawnvpe
_filelengthi64
_mbsrev
remove
atol
setbuf
exit
_inpw
_except_handler3
_wexecl
_getpid
isdigit
_wopen
_ismbclegal
vsprintf
_adj_fprem
_wstati64
_acmdln
_ismbcspace
_exit
_umask
_safe_fdiv
_isctype
vfwprintf
rewind
_wspawnl
tan
__p__fmode
_setjmp3
wcslen
_ismbbkpunct
_sleep
_splitpath
_wpopen
__getmainargs
_heapchk
_atoi64
_utime
__set_app_type
_spawnle
_fileinfo
_outpw
_control87
_purecall
_adjust_fdiv
_wtof
_initterm
mbstowcs
_fgetwchar
_XcptFilter
_strtoui64
_cwait
vprintf
_mbctype
_locking
fputws
atof
clock
_lseeki64
_wfreopen
isupper
_creat
_strncoll
_ismbcupper
system
_ftol
_fileno
_inpd
_wchmod
_spawnlpe
_atoldbl
_ismbcsymbol
_wstrtime
_seterrormode
strspn
_safe_fprem1
swprintf
_mbsbtype
_finite
iswlower
_expand
_write
_wsearchenv
memcpy
_adj_fpatan
_findnext64
_read
_adj_fdiv_r
_execvpe
_spawnvp
__setusermatherr
_mbsnbicmp
_ultow
_wremove
strlen
fflush
_mbslwr
vswprintf
_controlfp
__p__commode
_sys_errlist
_fpclass
tmpnam
_spawnl
_wgetenv
_dup
strerror
_execlp
_fpieee_flt
_mbsncpy
_spawnv
_i64toa
atexit
towupper
_flsbuf
_fcvt
_cwprintf
_ismbbtrail
printf
_putw
longjmp
_mbsnccnt
_ismbslead
_wstat
_setsystime

gdi32

GetDeviceCaps
CreateCompatibleDC

kernel32

HeapReAlloc
HeapFree
FreeEnvironmentStringsW
TlsSetValue
LocalAlloc
WaitForMultipleObjects
SetEnvironmentVariableA
TerminateThread
WriteConsoleA
VirtualFree
VirtualAlloc
GetModuleHandleA
GetFileTime
GlobalAddAtomA
TlsAlloc
MulDiv
InitializeCriticalSectionAndSpinCount
GetVersion
ReadFile
CreateProcessA
SetPriorityClass
GetStartupInfoA
WideCharToMultiByte
IsValidCodePage
ExitProcess
FindClose
GetSystemDirectoryA
SetStdHandle
ReadProcessMemory
GetEnvironmentStrings
GetCurrentDirectoryA
OpenEventA

user32

GetDC
SetWindowPos
CreateWindowExA
EnableWindow
IsWindowVisible
EndPaint
TrackPopupMenu
OffsetRect
SetDlgItemTextA
DrawMenuBar
IsDialogMessageA
DeleteMenu
SetForegroundWindow

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61cb2000dbd1581ba967c9bcb841b8d4

Headers

File Characteristics

Imports

msvcrt

gdi32

kernel32

user32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 296KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 296KB

.rsrc
Size: 17KB - Virtual size: 16KB