a5e4dbfab9065b0aadec6796047ee1d2bada5338d35de6ec743e7e223854ccb3

Sharing

Copy URL Twitter E-mail

General

Target

a5e4dbfab9065b0aadec6796047ee1d2bada5338d35de6ec743e7e223854ccb3
Size

12.0MB
MD5

65abf3fc596cc3698ed9671c29ff2d66
SHA1

4f2d20a5ded67e8371c4989f1e28be1c88b1a344
SHA256

a5e4dbfab9065b0aadec6796047ee1d2bada5338d35de6ec743e7e223854ccb3
SHA512

32652218e6b50c7abc298d3e588933b32678b95503e885e0993c8567e25ff30dd1642c138d5139e8e7951bb4f9ec8a2fb682049180f32beb6c468cf95da24931
SSDEEP

196608:yLrU1kmd8aP2Ahyb0cT1qvqCG/LgkPNCSf7ijwMkoHJK0o+TR2UREizYqZk9vnF:SrU1km64zQnqSp/MkAwOj7kEJZR2wEiD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5e4dbfab9065b0aadec6796047ee1d2bada5338d35de6ec743e7e223854ccb3

Files

a5e4dbfab9065b0aadec6796047ee1d2bada5338d35de6ec743e7e223854ccb3
.exe windows:6 windows x86 arch:x86

f972fe97174d50011cccbb22e0696779

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

iphlpapi

GetAdaptersInfo

winmm

midiStreamClose

ws2_32

accept

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetSysColorBrush
CharUpperBuffW

gdi32

RoundRect

winspool.drv

DocumentPropertiesA

comdlg32

ChooseColorA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantCopyInd

comctl32

_TrackMouseEvent

Exports

Exports

%��r��݇��V g��UK�2�V��3pϨNY��2׍�C�e��dN"�t��ZC�(k1��y��s�~��;o��Cr�� Oh��Q��Ǵ{�O��s�Pө�A%��)�##�� 얼�0] M�ٓ��%Nd�>g�[}2�*�i+q��։!��i��̂"h��,�i��cx��6@�p�U�Ƹ��'x��d��凴fGӿ4%:�Z�0jL��N�C��O��a�P��+�r>Ç�c�o��V~��9��*��o�D��<-C{y��n��jX��_�GJ�(��:�_��9C��L;ԎI �M9iXP��7BKN(�@�9�Y�� FG��O�N{��2IO�u5'%K�J�7�I��߂h��}�og�1��j��W��XT��H�K�r��/-1��6%��q��{M�/A��ـ��g\��k�S��7S�\�hyd[U��1|ᗭQ�"�͸�w�1��b,��[�� m�N��֍6).�N5ܒ���s�ʊU��!��z4^C��D0$�D�4��0X��Ԡ6~[y�6䟗y�j6ք=K��C_��AzH�"�Mj��"u��iu�lp��~w��#��RΪQ�Y3�U�]P��L"��_��E��q5*� ��^�P�o'(��X�5�WA��^M'�[[%?I��D��/�U��M��s�[�g�u@�[/�N�{b�%��xԲz�J��x��^�W�u�)��iXO٪p6J��K�59��"��U¥��r��:�uݻإ�^�|��ĳJs�l�K�-%>��H(�x��c>-��h�� 9�\��+��I/.�6*��S��JnN]��7 4:V��%v�pr9 /c��f��wx�JJHI7��`ô�{�W��д�B;�i�:��z1Tb��E�w&h�#1��fУL�X�8s�W䧉r�MW�;�g��|� �UˋtR⍹��E�-E��'�^��!�i�ϥ M��;�� n��Й�`�ON��ݗ��Fچ�,�U<��@B7AQ�d�+d�\��֬ߑ%��eU��I��/��Vti�WU�%�VH�̤ϯɄ٨��<R��^��D`� �``lX��H�ՐM�0`��7��X�S��M�&v��8��x��ac,d��P��Jl�kNn�1��Z�Ƶ�U�Ĉ\eT�]��=)pjvqGU!)�+��[�J9M+�e�E)#tu��T���;��)[�n�,;kpk��適�$��Z��*kc�U��U��Z�5��s ۷4 E^(Ƃ�U��h��`�^��X{�hCm��6�W՟��e�Ң�8��XXZ��xG��Oj�M�B�@\Iנ_��h�Kk Ȧ�e��5�Q!��f��>r�ݜ��62��w�{ӄ:)�?O��`��d��e�i �+��S�$��ÎO0s��e��$�5�v�S�>vmX�+WVB*m/�ٴ��[|��*�)�ͧT��7��:��Ϻj�C��l��T��T@Lm��E�ZL�E[�Z��+C�G��H��,��)��(@(��ȯ�`��]��_�8�?W��"��~B�О��n��Z=dE��j�?HR�倲_��;l��=��G-ϧ��;��A�fY�r?��*Ås0TSaX�~L�e�*�*'zޯ�;��lGh&��&��^3<"u ��1rP&��1�a\�Nx�� WZ� a��霦��&��*`G��!�׉N��:�=x�L��T�Qo��9�0�$3�V[ ��~�ˌ��r�e��]!S��,��o��2�]�2Q r��_�k� ��GXa��sŊ$�1�P��ss�jG�$j䠂0+��GIk��ڸ�[-�6�ܜT�1��3w�*�E��\��C:V=e��(%�t>��=f�JKK�+�?��;p�7[mI�7��/��GQ�U�}��} ;�<�|x��o�I$˚��l��(\qGJ�-[j?=��įqb2�f��C8Q�Ȓ%��p�K�L ��(u�~Ȳj��") ��o&H[CU�+c�t6iݕ#P�H��p�T�Cv�`��v�%�b��Y��G@~�%?AZHY��A�>��am{�c�A��fQPY��x�'��0\��O��,�S��X��9��|ж�_\5��q�}ڈ��8�k��ܹ��cU�� c��g�nD�f��&��=��Mg��"�FHe�9U�"��Ģ��9�7�>f��j��`�|2�e��fy��UB��T8�= }��8@��#1硥��)?�2p��G�a�c�ޜ6�V��5��Ǟh�z�l+4�b�շ�� K:w�k�|AƖ�}V�>4�{n�z.�� /��#��>6�0��p��T�]˭H�ڙOf�߭k��j{��w�p��p�&)��ԋ�:�V,d��W{��s�[��<��}�l9&�@��`��*��t&�0��my~Fid�4r��s��R�/d��:�^h�2xr�� O��P�6P\Ik��*��ni�T`ߠa�x�П`@�&.bT��Է��n��b��VӁt!k��2��L%�a� ��ci�X��I�%�� ~��"/?;��D��K��R�ZV�ҷPլ?V�`_��y�a��v8)r��!1��VϧN�{*k&j/!�Siv��ȏ�6C��Kԓ� ��CWY5��֮7��-U�Û-q"�Bt�ER�$�ȉ�&�9��C�1�� O��h�84��u�-m��M&Տ��z��J�'G��(�G��t��x�sV��Ez�/Qq��7}N0I^�� hi㔥��&�ٜu gJ��NZ��%�- ��,E��

Sections

.text
Size: - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.p\S
Size: - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Q-$
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

..cy
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f972fe97174d50011cccbb22e0696779

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

avifil32

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 683KB

.rdata Size: - Virtual size: 107KB

.data Size: - Virtual size: 349KB

.p\S Size: - Virtual size: 8.9MB

.Q-$ Size: 3KB - Virtual size: 2KB

..cy Size: 12.0MB - Virtual size: 12.0MB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: - Virtual size: 683KB

.rdata
Size: - Virtual size: 107KB

.data
Size: - Virtual size: 349KB

.p\S
Size: - Virtual size: 8.9MB

.Q-$
Size: 3KB - Virtual size: 2KB

..cy
Size: 12.0MB - Virtual size: 12.0MB

.rsrc
Size: 6KB - Virtual size: 6KB