02017330f1d6408306b8afb744fd45d9

Sharing

Copy URL Twitter E-mail

General

Target

02017330f1d6408306b8afb744fd45d9
Size

177KB
MD5

02017330f1d6408306b8afb744fd45d9
SHA1

7d7c611eade67c48bca0dc3802f8d4d8b9b6628e
SHA256

02845fbf798398dc0c671068c29d1fbd0b5547c3f26029e5ef25b04b6b9398f0
SHA512

b4d2041f1619a3379ce5a6d81489e50954ad421eb2f53618b7157d344649b200faf24dfe42b69a54a15783f1874fba99877c0524dee831506f98ef83248f05c8
SSDEEP

3072:4HYlBACclXUQ4DS52TLm2GcsSakTPtcnUCMOxWOBdWBAvPymqLVI:hACcUqq5sSxtcUqJBdoAvPQp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02017330f1d6408306b8afb744fd45d9

Files

02017330f1d6408306b8afb744fd45d9
.exe windows:4 windows x86 arch:x86

8d0acf7b338448154fce9e28279faac9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA

shlwapi

PathRenameExtensionW
PathRemoveBackslashW
PathAppendW
PathCombineW
PathFileExistsW
PathAddBackslashW
PathIsDirectoryW
PathFileExistsA
PathRemoveFileSpecW

ole32

CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

advapi32

RegSetValueExA
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExA
RegSetValueW
RegOpenKeyExA
RegCreateKeyW
RegSetValueExW
RegCreateKeyExA
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyA

kernel32

WaitForMultipleObjects
InterlockedIncrement
GetProcAddress
LocalAlloc
GetCurrentThreadId
DeleteCriticalSection
GetModuleFileNameA
MulDiv
FindFirstFileW
DeleteFileA
GetFileAttributesA
GetVersionExA
FreeLibrary
GetThreadLocale
GetCurrentProcessId
WriteFile
MultiByteToWideChar
GetLastError
InterlockedDecrement
FindNextFileW
SetFileAttributesA
GetPriorityClass
CreateDirectoryW
CloseHandle
WaitForSingleObject
LocalFree
Sleep
RemoveDirectoryW
ReleaseMutex
EnumResourceTypesW
FindClose
GetVersionExW
InterlockedExchange
CreateMutexA
GetSystemTime
GetModuleFileNameW
EnterCriticalSection
DisableThreadLibraryCalls
lstrlenA
GetTempFileNameA
InitializeCriticalSection
ReadFile
SetFilePointer
GetTickCount
CreateFileA
GetACP
QueryPerformanceCounter
ExitProcess
GetLocaleInfoA
lstrlenW
GetTempPathW
WideCharToMultiByte
GetTempFileNameW
LoadLibraryW
DeleteFileW
SetFileAttributesW
OutputDebugStringW
LeaveCriticalSection
OutputDebugStringA
CreateDirectoryA
CopyFileA
GetTempPathA
GetSystemTimeAsFileTime

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

IsRectEmpty
PeekMessageW
SetRectEmpty
GetClientRect
GetDC
OffsetRect
ReleaseDC
wsprintfW
FillRect
DispatchMessageW
TranslateMessage
CopyRect
GetWindowRect

gdi32

CreateBitmap
SetBkColor
GetObjectType
DeleteObject
StretchBlt
CreateSolidBrush
CreateDIBSection
CreateDCW
GetDIBits
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
DeleteDC
SelectObject
SetStretchBltMode

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d0acf7b338448154fce9e28279faac9

Headers

File Characteristics

Imports

shell32

shlwapi

ole32

advapi32

kernel32

winmm

avifil32

user32

gdi32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 68KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 252KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 68KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 252KB