36597dd7b967df7b32d46b98a3d90337805097527eb7b7f1080b3c6d7236e3ea

Sharing

Copy URL Twitter E-mail

General

Target

36597dd7b967df7b32d46b98a3d90337805097527eb7b7f1080b3c6d7236e3ea
Size

3.3MB
MD5

f067936584e27561b4308176ebebea05
SHA1

0ea4348fcdc502dcceeb7edbb246d31b70844d71
SHA256

36597dd7b967df7b32d46b98a3d90337805097527eb7b7f1080b3c6d7236e3ea
SHA512

c8498f7b30707084e31a895cc1f8f41bc3895bedde5e10f6ecc3bc981354f63c19e120ff5478d79b562021823020eac04b2ca5c23345c768522d1c2adbc4fd4b
SSDEEP

49152:YhOUQjpoYhatgBtVDVld1kSGkMS8YdHVdOxkMbqVIH484WAi9i2yQ3hhWQdWQP:YzQjOYEgBLVrmSNMQ1LMmVSAi9fdhdP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36597dd7b967df7b32d46b98a3d90337805097527eb7b7f1080b3c6d7236e3ea

Files

36597dd7b967df7b32d46b98a3d90337805097527eb7b7f1080b3c6d7236e3ea
.exe windows:5 windows x86 arch:x86

f4e3cbb5a6b46d49976040eee9c9ed94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegReplaceKeyW

kernel32

SwitchToThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

version

GetFileVersionInfoW

winspool.drv

ord203

comctl32

ImageList_ReplaceIcon

gdi32

GetDeviceCaps

msimg32

AlphaBlend

user32

GetKeyboardLayoutList

ole32

OleInitialize

oleaut32

SafeArrayCreate

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
_Form1
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4e3cbb5a6b46d49976040eee9c9ed94

Headers

File Characteristics

Imports

advapi32

kernel32

version

winspool.drv

comctl32

gdi32

msimg32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 1.4MB

.data Size: - Virtual size: 96KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

.idata Size: - Virtual size: 16KB

.didata Size: - Virtual size: 4KB

.edata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 2.3MB

.vmp1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 608KB - Virtual size: 608KB

.text
Size: - Virtual size: 1.4MB

.data
Size: - Virtual size: 96KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 16KB

.didata
Size: - Virtual size: 4KB

.edata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 2.3MB

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 608KB - Virtual size: 608KB