12983983911a7d6eb658158cfdbab58e

Sharing

Copy URL Twitter E-mail

General

Target

12983983911a7d6eb658158cfdbab58e
Size

259KB
MD5

12983983911a7d6eb658158cfdbab58e
SHA1

465a6a11927d1304685646700cca35e6c72891d1
SHA256

e08185f6f17aced5ed626e75095f376bcafbe52ad9f81a6526dd9276160492eb
SHA512

76f6e5a2d771dd75550229dedf9aa5ddc02bf4ee0bf8564de45890a7768bff3d35d3b1b26ab9490b1bdb195ee16728b63659470204b14f5d89f5512b72e85ac1
SSDEEP

6144:yBNlnNEvV4MwvA7WlLMWsfvgGdi9CmvV6NmxkjhYKAZZob7kW:236tBWUlAGdiA/kxkjb0ZRW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12983983911a7d6eb658158cfdbab58e

Files

12983983911a7d6eb658158cfdbab58e
.exe windows:6 windows x86 arch:x86

c6b4b422d59e6aa6f8b1f1ee51f8b05e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

atl

ord16
ord44
ord23

ole32

CoInitializeSecurity
CoCreateInstance
CoTaskMemFree

user32

GetSysColor
WindowFromPoint
SendInput
DestroyWindow
PostThreadMessageW
ShowWindow
CallNextHookEx
CloseDesktop
CallWindowProcW
GetDoubleClickTime
DrawIconEx
DestroyIcon
ReleaseDC
DefWindowProcW
GetWindowLongW
RegisterDeviceNotificationW
MoveWindow
GetAncestor
UnhookWindowsHookEx
GetSysColorBrush
GetMessageW
MonitorFromPoint
GetSystemMetrics
DispatchMessageW
ClientToScreen
FillRect
EqualRect
LoadStringW
RegisterWindowMessageW
PtInRect
PostMessageW
SetWindowsHookExW
LoadImageW
EnumDisplayMonitors
CreateWindowExW
EnumDisplaySettingsW
GetDesktopWindow

kernel32

lstrlenW
GetTickCount
VirtualFree
ReadFile
GetPriorityClass
OpenProcess
LeaveCriticalSection
CancelIo
SetPriorityClass
CreateWaitableTimerW
GetStartupInfoW
CreateFileMappingW
SetEvent
HeapFree
CloseHandle
SetThreadPriority
GetTickCount
InterlockedDecrement
LoadLibraryW
HeapAlloc
VerSetConditionMask
GetCurrentThreadId
CreateEventW
OpenEventW
GetProcessWorkingSetSize
SetThreadExecutionState
GetSystemDirectoryW
GlobalDeleteAtom
GetCurrentProcess
MulDiv
VirtualAlloc
ReleaseMutex
GetCurrentThread
UnmapViewOfFile
DuplicateHandle
CancelWaitableTimer

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW

gdi32

SelectObject
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush

advapi32

SetSecurityDescriptorOwner
InitializeSecurityDescriptor
CopySid
RegCloseKey
RegOpenKeyW
OpenProcessToken
RegQueryValueExW
OpenThreadToken
RegCreateKeyExW
RegSetValueW
RegCreateKeyW
SetSecurityDescriptorDacl

msvcrt

_ftol
??1type_info@@UAE@XZ
wcscpy
exit
free
_wfopen
??2@YAPAXI@Z
__setusermatherr
??3@YAXPAX@Z
_c_exit
?terminate@@YAXXZ
wcscmp
_beginthreadex
__p__fmode
fputws
_XcptFilter
_itow
wcsstr
_wcmdln
__CxxFrameHandler
wcstol
_wcsicmp

hid

HidD_GetAttributes
HidP_GetSpecificValueCaps
HidD_GetPreparsedData

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6b4b422d59e6aa6f8b1f1ee51f8b05e

Headers

DLL Characteristics

File Characteristics

Imports

atl

ole32

user32

kernel32

setupapi

gdi32

advapi32

msvcrt

hid

Sections

.text Size: 171KB - Virtual size: 171KB

.data Size: 69KB - Virtual size: 68KB

.rsrc Size: 17KB - Virtual size: 584KB

.text
Size: 171KB - Virtual size: 171KB

.data
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 17KB - Virtual size: 584KB