Static task: static1
Behavioral task: behavioral1
  Sample: 03623d9d0f8ef32fb848dfacde717231.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 03623d9d0f8ef32fb848dfacde717231.exe
  Resource: win10v2004-20231215-en
General
Target: 03623d9d0f8ef32fb848dfacde717231
Size: 547KB
MD5: 03623d9d0f8ef32fb848dfacde717231
SHA1: b88b2364e5aad1b8fb92b432d144e668780e8d40
SHA256: 8f71ec8799ba9347b3d90543ffa5fb20de8d30782ae37c2abaae508da4a2d507
SHA512: 645e5690ed677d7721003b567e42c17519fc5d2f030c612e8e46e6b353408f1a3eeefb57fd69c09eb6f5620810f2a1d8abb28f5355d0e493f074101a5e2b7b63
SSDEEP: 12288:BiGhMiF/SY8r4lelwRzQQreVcyv533SZSW4yszBD+oJFbSTd4xQC/FIm3:BF+Y8rMelw5az3iZSWmzR5bWyQuIS
Malware Config
Signatures
Unsigned PE (1 IoC): rule checks for a missing Authenticode signature; matched resource 03623d9d0f8ef32fb848dfacde717231
Files
03623d9d0f8ef32fb848dfacde717231.exe (windows:4, windows x86, arch:x86)
2538ca8098f382ce1f8c12e5d0ca58e6
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
user32: IsWindow, DdeCreateDataHandle, SendNotifyMessageW, CharToOemW, SendDlgItemMessageW, MonitorFromPoint, MapVirtualKeyExW, GetMessageW, MessageBoxIndirectW, GetUpdateRgn, GetClassWord, PackDDElParam, GetClipCursor, GetSystemMenu, UpdateWindow, ChangeClipboardChain, IsWindowUnicode, EnumClipboardFormats, GetGUIThreadInfo, DdeDisconnectList, PeekMessageW, ImpersonateDdeClientWindow, SetMenuContextHelpId
ole32: OleRegEnumVerbs, OleLockRunning, CoFreeUnusedLibraries, SetConvertStg, CoInitializeWOW, CoRegisterSurrogate, StgGetIFillLockBytesOnFile, CoQueryClientBlanket, CoCreateInstance, CoGetCurrentLogicalThreadId, CoSwitchCallContext, OleFlushClipboard, OleIsCurrentClipboard, CoGetPSClsid, CoRevokeMallocSpy, UtGetDvtd16Info
kernel32: GetDateFormatW, GetCommTimeouts, Module32Next, GetWriteWatch, GetSystemInfo, GetCurrentDirectoryA, SetCommTimeouts, ReadDirectoryChangesW, Heap32First, ResetWriteWatch, GetCommModemStatus, CreateDirectoryExW, ReadConsoleOutputAttribute, GetCPInfoExA, GetStartupInfoW, PurgeComm, VirtualAlloc, VirtualProtect, GetModuleHandleA
shlwapi: ColorRGBToHLS, StrNCatA, SHDeleteKeyA, PathRemoveBlanksW, PathGetDriveNumberA, PathFileExistsW, StrFormatKBSizeA, SHDeleteEmptyKeyW, PathIsRelativeA, PathIsRootW, PathSearchAndQualifyW, SHRegCloseUSKey, StrSpnW, PathCompactPathExA, SHGetValueA, PathUndecorateW, PathRemoveBackslashA, PathIsPrefixA, StrDupA
advapi32: PrivilegedServiceAuditAlarmW, GetMultipleTrusteeOperationW, SetAclInformation, SetFileSecurityA, RegDeleteKeyA, GetNamedSecurityInfoW, SetThreadToken, StartServiceW, OpenProcessToken, RegUnLoadKeyA, BackupEventLogW, RegisterEventSourceA, EqualSid, CryptAcquireContextA, RegEnumKeyW, RevertToSelf, InitializeSecurityDescriptor, OpenThreadToken
Sections
.text   Size: 58KB  - Virtual size: 58KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 3KB   - Virtual size: 2KB   (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data   Size: 512B  - Virtual size: 20KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)