114b28cbb89bb72bc6bf5ab4a87a720f

Sharing

Copy URL Twitter E-mail

General

Target

114b28cbb89bb72bc6bf5ab4a87a720f
Size

440KB
MD5

114b28cbb89bb72bc6bf5ab4a87a720f
SHA1

57c19bec9b625d7fd098ac4652c60e031ae6fdea
SHA256

b0ce05944abecde435031b5ab1fa6ac7aa037ee4d794bb73d75cc03a8b615648
SHA512

ad605a238b2d88f28e62e9019840c44c90a76c7c73881ccf27ab625ffc77d20d4a1b9b953736ffd836a95b98f6f243763fbdd7d1cbfe4a5ac9c37c0cbcd5c839
SSDEEP

12288:9JsoJsecC2s2Vm8Ah565XlSda+P7pJ+lnk8w9Jxi9/:LsoKeN2s2Q8+565XOas7pMPmiN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
114b28cbb89bb72bc6bf5ab4a87a720f

Files

114b28cbb89bb72bc6bf5ab4a87a720f
.exe windows:4 windows x86 arch:x86

241bf9caf9b873d9ee00b96a4ebcfca2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
InterlockedIncrement
DeleteCriticalSection
FreeEnvironmentStringsA
GetVersionExA
GetCommandLineA
HeapAlloc
LoadLibraryA
GetEnvironmentStrings
TlsAlloc
FreeEnvironmentStringsW
CompareStringA
GetCPInfo
GetLocaleInfoW
WideCharToMultiByte
WriteFile
GetLastError
HeapSize
InitializeCriticalSection
FreeLibrary
UnhandledExceptionFilter
GetStartupInfoA
InterlockedDecrement
GetStartupInfoW
WriteProfileStringA
IsValidLocale
GetTimeZoneInformation
HeapDestroy
GetProcAddress
GetCurrentThread
HeapCreate
HeapFree
EnterCriticalSection
GetProcessHeap
EnumSystemLocalesA
LCMapStringA
VirtualQuery
Sleep
LCMapStringW
TlsGetValue
GetLocaleInfoA
LeaveCriticalSection
GetDateFormatA
GetUserDefaultLCID
HeapReAlloc
SetUnhandledExceptionFilter
ExitProcess
GetCommandLineW
GetACP
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
SetEnvironmentVariableA
GetModuleHandleA
GetStringTypeW
MultiByteToWideChar
SetConsoleCtrlHandler
GetCurrentThreadId
TlsSetValue
IsDebuggerPresent
GetOEMCP
GetTimeFormatA
GetCurrentProcessId
GetModuleFileNameA
SetHandleCount
GetModuleFileNameW
CompareStringW
GetTickCount
IsValidCodePage
GetEnvironmentStringsW
GetStringTypeA
VirtualFree
TlsFree
RtlUnwind
GetStdHandle
GetSystemTimeAsFileTime
InterlockedExchange
SetLastError

comdlg32

PageSetupDlgA
ChooseFontW
FindTextA
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontA
PageSetupDlgW
GetSaveFileNameA
ChooseColorA
ReplaceTextW
GetFileTitleA
ReplaceTextA

shell32

SheSetCurDrive
RealShellExecuteW
SHGetNewLinkInfo
SHAppBarMessage
SHAddToRecentDocs
SHGetFileInfo
SHQueryRecycleBinW
SHUpdateRecycleBinIcon
SHEmptyRecycleBinA
DragQueryPoint

advapi32

GetUserNameW

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

241bf9caf9b873d9ee00b96a4ebcfca2

Headers

File Characteristics

Imports

kernel32

comdlg32

shell32

advapi32

Sections

.text Size: 154KB - Virtual size: 153KB

.data Size: 278KB - Virtual size: 307KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 154KB - Virtual size: 153KB

.data
Size: 278KB - Virtual size: 307KB

.rsrc
Size: 7KB - Virtual size: 6KB