13ffeea3418bfbc06340ff2a6a024083

Sharing

Copy URL Twitter E-mail

General

Target

13ffeea3418bfbc06340ff2a6a024083
Size

142KB
MD5

13ffeea3418bfbc06340ff2a6a024083
SHA1

f58c7741ada38fcdebb200e69824240c34ccdf17
SHA256

baf8e7655832a3f01791a2375f8c6a6e0d5f1bf273d00b4442b5d83a6550d5ab
SHA512

9b4bb7326b4a8c9c92baa64e221ffda731e9f99b8b037c657a161db75919a4b612aad5addb400c1153196e96841e084c7881f2faa2113c7d159e23aba1c9845d
SSDEEP

3072:wZ23asQabS50QZO92yq36rqPN0HZFlBkw+86F/wRQ79cccI9bX/cbTMJq:wMo50QZOFq3bPNqVkp8/VId4Ty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13ffeea3418bfbc06340ff2a6a024083

Files

13ffeea3418bfbc06340ff2a6a024083
.exe windows:5 windows x86 arch:x86

cc3964fa3b8c3f2ff7f4c8a51dc72e1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
FormatMessageA
TlsGetValue
ReadFile
SetFilePointer
LoadLibraryW
SetCurrentDirectoryA
ResetEvent
WritePrivateProfileStringW
LeaveCriticalSection
GetModuleHandleA
WritePrivateProfileStringA
ExitThread
GetStringTypeA
SetConsoleMode
LockResource
GetExitCodeProcess
TlsAlloc
GetNumberFormatW
VirtualFree
GetSystemWindowsDirectoryW
CreateMutexA
OutputDebugStringA
VirtualProtect
GetProcAddress
SetFileTime
TerminateProcess
SetCurrentDirectoryW

msvcrt

__set_app_type
strerror
memset
__winitenv

user32

CallWindowProcW
LoadCursorW
GetForegroundWindow
GetClipboardData
DrawEdge
wsprintfA
IsWindow
CreateWindowExA
DispatchMessageW
CopyRect

gdi32

BitBlt
SetStretchBltMode
CreateSolidBrush
GetStockObject
DeleteDC
SelectPalette
ExtTextOutW
GetTextMetricsW
StretchBlt
TextOutW
CreateRoundRectRgn
GetRegionData
CreateCompatibleBitmap
LineTo
SetTextColor
CreateBitmap
SetBkMode
DeleteObject
GetTextExtentPoint32W

tapi32

lineGetCallInfoA
lineGetAddressCaps
lineAgentSpecific
tapiGetLocationInfoW
lineMakeCallW

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc3964fa3b8c3f2ff7f4c8a51dc72e1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 52KB - Virtual size: 51KB

.CRT Size: 39KB - Virtual size: 38KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 52KB - Virtual size: 51KB

.CRT
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 136B