00de53463d5f304009d95492d4b30974

Sharing

Copy URL Twitter E-mail

General

Target

00de53463d5f304009d95492d4b30974
Size

204KB
MD5

00de53463d5f304009d95492d4b30974
SHA1

fb901c2c823ed488b1d8ef94dc638af2c8b02894
SHA256

5b303859a85fdc5a46938c949612ae06b4560f42e5088211ff07a35f9563eb65
SHA512

d9504031a51b2b9644c74ab9f531e6e68f4992ce4dcb6fd91bd20fd28e2d868c90276d71c3313b152d17eef30d26b4cef74682756fde3bf058adb5af2c2c4a03
SSDEEP

6144:EImVibWOu7mLVWbSrFgWkc3DGt2Ey2KXgF:ENViibmIWJUOq6zXg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00de53463d5f304009d95492d4b30974

Files

00de53463d5f304009d95492d4b30974
.exe windows:4 windows x86 arch:x86

6c6bad270e5cbb92ab8b7ccf5fbb5b7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawEx

kernel32

GetTickCount
GetPrivateProfileStringW
GetSystemTime
GetProfileIntA
FlushConsoleInputBuffer
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
SetProcessShutdownParameters
SetErrorMode
QueryDosDeviceW
ReadConsoleOutputA
ScrollConsoleScreenBufferA
IsProcessorFeaturePresent
GetShortPathNameW
FindResourceExA
SetConsoleMode
GetWindowsDirectoryA
FreeLibrary
GlobalFindAtomW
VirtualFree
FindCloseChangeNotification
GetStartupInfoA
OutputDebugStringW
LoadLibraryExW
GlobalAddAtomW
GetBinaryTypeW
SetTimeZoneInformation
GetTempPathW
IsDBCSLeadByteEx
ExitProcess
VirtualAlloc
lstrlenA
GetCommandLineA
CancelIo
IsValidLocale
LoadLibraryExA
GetDriveTypeW
GetSystemInfo
GetUserDefaultLCID
SuspendThread
TlsGetValue
SetFileAttributesA
EnumResourceNamesA
GetFileType
EnumCalendarInfoA
SetEnvironmentVariableA
CopyFileExW
CreateMutexA
GetUserDefaultLangID
ExitThread
FillConsoleOutputCharacterA
CreateMutexW
PeekNamedPipe
VirtualAllocEx
GetHandleInformation
GetProcessTimes
FindFirstFileExW
GetAtomNameA
CreateFileW
GetSystemTimeAsFileTime
GetLongPathNameA
VirtualQueryEx
GetSystemDefaultLangID
GetModuleHandleA
GlobalFlags

user32

EnumDesktopWindows
ChildWindowFromPoint
GetQueueStatus
CallWindowProcW
GetMessagePos
SendMessageCallbackW
GetMessageW
ScrollWindow
LoadMenuW
InvalidateRect
wvsprintfW
IsClipboardFormatAvailable
GetClipboardSequenceNumber
OemKeyScan
SendMessageW
GetWindowPlacement
GetClassLongA
GetMenu
CreateDialogParamW

advapi32

ImpersonateSelf
SetSecurityDescriptorOwner
SetSecurityInfo
RegOpenKeyA
GetUserNameW
CryptCreateHash
GetAclInformation
RegOpenKeyExA
EnumServicesStatusA
MapGenericMask
RegQueryValueExW
FreeSid
DeleteAce
AccessCheck
RegFlushKey
AbortSystemShutdownA
EnumDependentServicesA
MakeSelfRelativeSD
GetSecurityDescriptorLength
ImpersonateNamedPipeClient
RegEnumKeyExA
OpenServiceA
RegNotifyChangeKeyValue
RegUnLoadKeyA
RegRestoreKeyW
SetFileSecurityW
InitializeSecurityDescriptor
RegDeleteKeyW
SetNamedSecurityInfoA
DeregisterEventSource
RegLoadKeyW
RegGetKeySecurity
QueryServiceConfigW
OpenServiceW
GetFileSecurityA

version

VerFindFileA

comdlg32

ChooseFontW
ChooseFontA

oleaut32

QueryPathOfRegTypeLi
SafeArrayGetElement
VariantChangeType
SafeArrayCreate
SafeArrayPutElement
SysFreeString
VariantCopy

shell32

ShellExecuteA
SHBrowseForFolderA

gdi32

GetMapMode
SetMapMode
PtVisible
IntersectClipRect
PtInRegion
RemoveFontResourceW
CreateHalftonePalette
EqualRgn
GetBitmapBits
CreatePen

ws2_32

sendto
gethostname
WSAAsyncGetProtoByName
WSANtohl
WSARecvDisconnect
WSAResetEvent
WSAEnumNameSpaceProvidersA

ole32

CoUninitialize
CoQueryProxyBlanket
OleRegGetMiscStatus
CoGetObject
CoReleaseMarshalData
OleFlushClipboard
OleBuildVersion
WriteClassStg

msvcrt

_fileno
fwrite
_strupr
putchar
setvbuf
fopen
freopen
mbstowcs
clearerr
isalnum
floor
iswxdigit
_mkdir
_fullpath
_eof
strpbrk
_mbsdec
_strrev
system
mktime
_wcsnset
_mbsnbcat
wcstoul
_memicmp
_mbsrchr
isprint
_getpid
putc
_mbsinc
_open_osfhandle
wscanf
vsprintf

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c6bad270e5cbb92ab8b7ccf5fbb5b7b

Headers

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

version

comdlg32

oleaut32

shell32

gdi32

ws2_32

ole32

msvcrt

Sections

.text Size: 192KB - Virtual size: 190KB

.rdata Size: 8KB - Virtual size: 5KB

.text
Size: 192KB - Virtual size: 190KB

.rdata
Size: 8KB - Virtual size: 5KB