011a44e2781522aa673b5917c9dc4ded

Sharing

Copy URL Twitter E-mail

General

Target

011a44e2781522aa673b5917c9dc4ded
Size

431KB
MD5

011a44e2781522aa673b5917c9dc4ded
SHA1

1ec971b5c8e0b4d2c11735939288f5da8a06282d
SHA256

71f59dc211714515826c9cc8dc9b8f122ef94564aeac509481936e8934a7658a
SHA512

9c1fa3c8ea0a913dedf489aaea4c834443b80e0745b8a5161419d9920aee8bc2c2ae67666f598a0180c9d868fd65ba054bacd4ea3ccef31a6720b8f0991e9f2f
SSDEEP

12288:aW7KT+TN6v/jHmjx6AvBmXQCysmERM4M/KxU:aU6njHmjxHvBWQCysmERVM/Kx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
011a44e2781522aa673b5917c9dc4ded

Files

011a44e2781522aa673b5917c9dc4ded
.exe windows:4 windows x86 arch:x86

12148a84cf2adc949534387def3f17c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_control87
wcstod
_putch
_isnan
_adj_fprem1
atan
_y0
_wstrdate
_cprintf
_fsopen
_wcsicmp
_hypot
_snwprintf
_dup
__iscsym
_setsystime
_mbsspn
_spawnle
_wexecvp
_rmdir
_CIsqrt
_sys_nerr
_j1
_initterm
_heapmin
_timezone
fabs
localeconv
__toascii
_CxxThrowException
__threadid
_execvp
_mbsicmp
__p__winmajor
_seterrormode
_wmakepath

gdi32

SetLayout
CombineTransform
SetLayout
GetCharABCWidthsA
CancelDC
GetObjectA
CopyMetaFileW
CreateHalftonePalette
UpdateICMRegKeyA
PlayEnhMetaFileRecord
GetCurrentObject
GetMiterLimit
GetObjectType
GetROP2
SetTextAlign
CreateRoundRectRgn
ResetDCA
CreateDCW
DeleteObject
GetCurrentPositionEx
Pie
FrameRgn
GetTextCharset
GetTextMetricsA
GetSystemPaletteEntries
CombineRgn

advapi32

OpenThreadToken
RegOpenKeyW
RegOpenKeyA
GetUserNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
CryptSetProvParam
LookupAccountSidW
RegRestoreKeyW
GetUserNameA
RegQueryValueA
CryptSetProviderExW
GetMultipleTrusteeW
FindFirstFreeAce
ChangeServiceConfigW

kernel32

lstrlenA
SetErrorMode
VerLanguageNameA
lstrcmpW
SetFileApisToOEM
lstrcmpA
RaiseException
LockFileEx
GetComputerNameW
lstrcpyW
GetCommandLineW
GetFileAttributesA
HeapDestroy
lstrcmpiA
GetModuleHandleW
SetConsoleCtrlHandler
CommConfigDialogW
lstrcmpiW
WriteTapemark
GetLocalTime
VirtualFree
PulseEvent
ExitProcess
FindAtomW
GetStdHandle
FreeEnvironmentStringsW
ResumeThread
GetModuleHandleA
GetProcessHeap
Heap32ListNext
ResetEvent
VirtualAllocEx
FillConsoleOutputCharacterA
CreateEventW
GetLastError
GetTempFileNameA
SetLastError
GetCurrentProcessId
GetStartupInfoW

user32

SetDoubleClickTime
CreateMenu
UserClientDllInitialize
UnregisterClassA
DdePostAdvise
SetCapture
GetMessageExtraInfo
LockWindowUpdate
CreateMDIWindowA
EnumDesktopWindows
GetCaretBlinkTime
DefDlgProcA
DdeAccessData
SetClipboardData
DdeEnableCallback
GetWindowDC
FlashWindowEx
EnumPropsExA
GetProcessDefaultLayout
GetSysColorBrush
EnumDisplaySettingsW
CharPrevA

Sections

.text
Size: 271KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kvmth
Size: 80KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ztgi
Size: 78KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12148a84cf2adc949534387def3f17c3

Headers

File Characteristics

Imports

msvcrt

gdi32

advapi32

kernel32

user32

Sections

.text Size: 271KB - Virtual size: 272KB

.kvmth Size: 80KB - Virtual size: 96KB

.ztgi Size: 78KB - Virtual size: 1.0MB

.reloc Size: 1024B - Virtual size: 1KB

.text
Size: 271KB - Virtual size: 272KB

.kvmth
Size: 80KB - Virtual size: 96KB

.ztgi
Size: 78KB - Virtual size: 1.0MB

.reloc
Size: 1024B - Virtual size: 1KB