1227c5b07170344fc3982654f2b2ac8e

Sharing

Copy URL Twitter E-mail

General

Target

1227c5b07170344fc3982654f2b2ac8e
Size

596KB
MD5

1227c5b07170344fc3982654f2b2ac8e
SHA1

fd00257398962365705dfeb3c78fd426df00c9da
SHA256

1233099bd7cef5df225c0f6b31b1db0da7d408ae7e5f43180c1893a45d46145c
SHA512

dd383985a3965c35863faaa82623b1382d0208f208e0cd9b2425e95407356d6f06a9a309c0e978ce1bfe88df081f40ea82ed33d2e9629191dd2d37b68b7deb5c
SSDEEP

12288:3cGuBwYUhV58TPRR+N0u8oNR/6dLqGSHXGXar:zv877+Nn/NRMS3GXa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1227c5b07170344fc3982654f2b2ac8e

Files

1227c5b07170344fc3982654f2b2ac8e
.exe windows:4 windows x86 arch:x86

ebf1308c2950d0afb35a03bf47fdf381

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
CloseHandle
LeaveCriticalSection
UnhandledExceptionFilter
GetModuleHandleA
HeapFree
ReleaseMutex
CreateMutexA
GetUserDefaultLCID
FindNextChangeNotification
GetDateFormatA
GetCurrentProcessId
GetCurrentThreadId
CompareStringA
GetACP
GetCPInfo
GetLocaleInfoW
SetLastError
QueryPerformanceCounter
GetStringTypeA
TlsAlloc
TerminateProcess
WriteFile
TlsFree
GetProfileIntW
GetTempPathW
GetStringTypeW
FreeEnvironmentStringsA
GetNumberFormatW
SetHandleCount
OpenFileMappingA
DeleteCriticalSection
WriteConsoleInputW
IsValidCodePage
SetStdHandle
OpenMutexA
VirtualProtect
GlobalLock
LockResource
SetFilePointer
GetTimeFormatA
GetStartupInfoA
FreeEnvironmentStringsW
IsBadWritePtr
TlsGetValue
LCMapStringA
MoveFileExW
IsValidLocale
VirtualFree
SetEnvironmentVariableA
GetCurrentProcess
RtlUnwind
FlushFileBuffers
GetCommandLineA
LoadLibraryA
GetStdHandle
GetPrivateProfileSectionNamesW
MultiByteToWideChar
GetOEMCP
GetProcAddress
InterlockedExchange
HeapDestroy
WideCharToMultiByte
TlsSetValue
GetEnvironmentStrings
VirtualAlloc
HeapAlloc
EnterCriticalSection
CreateFileA
GetCurrentThread
RtlFillMemory
LCMapStringW
GetLocaleInfoA
HeapReAlloc
VirtualQuery
ReadFile
GetVersionExA
GetComputerNameA
GetSystemInfo
DuplicateHandle
SetEvent
ExitProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
GetTimeZoneInformation
GetTickCount
HeapCreate
GetFileAttributesExW
CreateProcessW
GetEnvironmentStringsW
GetModuleFileNameA
EnumSystemLocalesA
GetLastError
GetFileType
MoveFileW
HeapSize

comdlg32

GetSaveFileNameA
PrintDlgW
PageSetupDlgW

advapi32

RegDeleteValueA
CryptSetKeyParam
CryptAcquireContextA
CryptEnumProvidersA
LogonUserW
RegSaveKeyW
ReportEventW
CryptDuplicateKey
CryptSetProvParam
InitiateSystemShutdownW
CryptHashData
RegNotifyChangeKeyValue
RevertToSelf
GetUserNameA
RegQueryValueW
RegEnumKeyW
CreateServiceW
CryptSignHashA
CryptGetKeyParam

comctl32

ImageList_GetImageRect
InitCommonControlsEx
ImageList_Write
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Replace
ImageList_Merge
CreateStatusWindowW
CreateMappedBitmap
ImageList_Create
ImageList_GetFlags
ImageList_Copy
ImageList_EndDrag
ImageList_SetFilter
ImageList_SetOverlayImage
ImageList_Read
ImageList_Remove

shell32

ExtractIconEx

user32

GetTopWindow
ClientToScreen
CreateWindowExA
GetMenuItemCount
MsgWaitForMultipleObjects
RegisterClassExA
BringWindowToTop
GetCursorInfo
RemovePropA
EnumPropsExW
InsertMenuW
GetUpdateRgn
MessageBoxA
GetMenuItemInfoA
UpdateWindow
DrawStateA
SendDlgItemMessageW
SwapMouseButton
WINNLSEnableIME
RegisterClassA
ShowWindow
DefWindowProcA
GetWindowThreadProcessId
GetDialogBaseUnits
GetForegroundWindow
GrayStringW
GetClipboardSequenceNumber
FillRect
SetClassLongW
DefDlgProcW
DestroyWindow

wininet

GopherFindFirstFileA
FindNextUrlCacheEntryExW
InternetTimeToSystemTimeA
GetUrlCacheGroupAttributeW
InternetCombineUrlA
SetUrlCacheGroupAttributeA
ShowCertificate
UnlockUrlCacheEntryFile

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf1308c2950d0afb35a03bf47fdf381

Headers

File Characteristics

Imports

kernel32

comdlg32

advapi32

comctl32

shell32

user32

wininet

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 264KB - Virtual size: 260KB

.data Size: 108KB - Virtual size: 111KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 264KB - Virtual size: 260KB

.data
Size: 108KB - Virtual size: 111KB

.rsrc
Size: 24KB - Virtual size: 23KB