f6f3635799987b5b53ac02a043df0191

Sharing

Copy URL Twitter E-mail

General

Target

f6f3635799987b5b53ac02a043df0191
Size

987KB
MD5

f6f3635799987b5b53ac02a043df0191
SHA1

4ec5cc6f8e3cdc82021a9bed3628b8329b7d28a1
SHA256

d4812960e2015fa35aae113a526b407bf113ae2c8f58afd54dcd51f2ec25daff
SHA512

0331254cdbb23025ba9fc858128ccbaf3205191c12a569d500ed3418214c41a313676effd54369158cc8627a6915cb6419c54084bf8059a177477b4172225043
SSDEEP

24576:kd6Qmpi40x+7RI5ELOrfKY0Kh8zUK9h0I9Q4O5LkHzX:C6iQ7RnYN/K1Q4ORCzX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6f3635799987b5b53ac02a043df0191

Files

f6f3635799987b5b53ac02a043df0191
.exe windows:5 windows x86 arch:x86

4f27554de34a8fff35a0cb2bdfd860c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

ReleaseStgMedium
CoInitialize
CoUninitialize
CoGetObject
FreePropVariantArray
CoCreateInstance
CreateClassMoniker
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
GetRunningObjectTable

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetMalloc

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetCloseHandle

msvfw32

ICInfo

quartz

AMGetErrorTextW

gdiplus

GdipLoadImageFromFile
GdipImageRotateFlip
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipGetImageRawFormat
GdipGetImageVerticalResolution
GdipGetPropertyItemSize
GdipAlloc
GdipGetImageGraphicsContext
GdipBitmapSetPixel
GdipDrawImageRectI
GdipDeleteGraphics
GdipRotateWorldTransform
GdipGetImageWidth
GdipFree
GdipGetImageEncodersSize
GdipCreateSolidFill
GdipGetImagePixelFormat
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipFillRectangleI
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipDrawImageRectRectI
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipDisposeImage
GdipGetImageThumbnail
GdipGetImageType
GdipDeleteBrush
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdiplusStartup
GdipCloneImage
GdipGetPropertyItem
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap

comdlg32

CommDlgExtendedError
ChooseColorW

kernel32

GetExitCodeThread
GetLongPathNameW
GetLastError
MapViewOfFile
GetProcAddress
GetCurrentThread
EnumDateFormatsExW
GetTickCount
SetFilePointer
GetLocaleInfoA
SetCurrentDirectoryW
CloseHandle
GetFileTime
GetThreadPriority
HeapAlloc
GetLocalTime
GetFileSize
InterlockedDecrement
UnmapViewOfFile
CreateFileW
GetSystemTimeAsFileTime
FindClose
WriteFile
GetFileAttributesW
CreateThread
lstrcpyW
EnumTimeFormatsW
GetCompressedFileSizeW
GetCurrentProcess
GetDiskFreeSpaceExW
GetTempFileNameW
WaitForSingleObject
GetExitCodeProcess
HeapSize
lstrlenW
FindFirstFileW
VirtualFree
QueryPerformanceFrequency
ReadFile
OutputDebugStringW
GetVersionExA
CreateFileA
GetDriveTypeW
FormatMessageW
SetThreadPriority
LoadLibraryW
RemoveDirectoryW
GetSystemInfo
SetFileAttributesW
GetCurrentThreadId
OpenFileMappingW
GetTimeFormatW
FileTimeToLocalFileTime
HeapFree
FreeLibrary
CreateEventW
_llseek
GetACP
FindNextFileW
SetProcessAffinityMask
QueryPerformanceCounter
CreateProcessW
GetCurrentProcessId
CreateMutexW
GetProcessHeap
GetModuleFileNameW
HeapDestroy
GetVersionExW
IsBadWritePtr
HeapReAlloc
MultiByteToWideChar
DeleteFileW
GetFullPathNameW
GetFileInformationByHandle
InterlockedExchange
GetModuleHandleA
Sleep
GetModuleHandleW
DeleteCriticalSection
CreateFileMappingW
LocalFree
GetDateFormatW
GetTempPathW
GetThreadSelectorEntry
GetVolumeInformationW
InterlockedIncrement
SetEvent
IsBadReadPtr
ExitProcess
LeaveCriticalSection
GetPrivateProfileStringW
lstrlenA
MulDiv
WideCharToMultiByte
GetProcessAffinityMask
GetLocaleInfoW
CreateDirectoryW
GetStartupInfoW
ResetEvent
GetSystemTime
EnterCriticalSection
InitializeCriticalSection
GetThreadLocale
VirtualAlloc
CopyFileW
FileTimeToSystemTime
WritePrivateProfileStringW

winmm

mmioDescend
mmioClose
mmioOpenW

advapi32

RegQueryValueExW
RegDeleteKeyW
GetUserNameW
RegSetValueExW
RegQueryInfoKeyW
RegisterEventSourceW
ReportEventW
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey

shlwapi

PathIsDirectoryEmptyW
PathFileExistsW
PathFindFileNameW
PathRemoveBackslashW
PathCompactPathExW
PathAppendW
PathFindExtensionW
PathCombineW
StrStrIW
PathRemoveExtensionW
StrCmpIW
PathAddBackslashW
PathRemoveFileSpecW
PathCanonicalizeW
PathIsDirectoryW
PathRenameExtensionW
PathIsRootW
PathStripToRootW

msimg32

AlphaBlend

tapi32

lineSetLineDevStatus
lineAccept

Sections

.text
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 295KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f27554de34a8fff35a0cb2bdfd860c7

Headers

File Characteristics

Imports

ole32

shell32

version

wininet

msvfw32

quartz

gdiplus

comdlg32

kernel32

winmm

advapi32

shlwapi

msimg32

tapi32

Sections

.text Size: 652KB - Virtual size: 652KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 295KB - Virtual size: 3.5MB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 652KB - Virtual size: 652KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 295KB - Virtual size: 3.5MB

.rsrc
Size: 32KB - Virtual size: 31KB