1895e45a323099242657b336e7cdfc7f

General

Target

1895e45a323099242657b336e7cdfc7f
Size

15KB
MD5

1895e45a323099242657b336e7cdfc7f
SHA1

233f92b6809a904c2f84cb486d24b73ba84b4b2c
SHA256

ebe55e9508b3239684e3f7cbef935ebca10fba6d7baa2445cb2d451ea06134e2
SHA512

1de90f49a128698bf1199a1b335b24593a29c61796e893b3f567e537261b65ed8c672c384ab4ba8c05035c9e096cbeb9a8958e127bfcee3b7bcefae27646560f
SSDEEP

192:v/h3F4vgtgEepkgaK9fcq/MiHuih5GSdXjywlYGEawpJ3AykL5KSCBXT:vZ3qvgatRtLMOh5ll7LwplLQP6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1895e45a323099242657b336e7cdfc7f

Files

1895e45a323099242657b336e7cdfc7f
.dll windows:4 windows

b220741c787714ece881e3924fcf3622

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassExW
CallWindowProcW
TabbedTextOutA
wsprintfA
ReplyMessage
CharLowerW
AnimateWindow
CallMsgFilterW

kernel32

lstrlenA
lstrcpyA
CloseHandle
CreateMutexA
ExitProcess
ExitThread
FlushViewOfFile
GetSystemTime
GetTickCount
LoadLibraryA
LoadLibraryExA
OpenMutexA
lstrcatA
RtlMoveMemory
SizeofResource
Sleep
SystemTimeToFileTime

shell32

ExtractIconExA
DuplicateIcon

advapi32

GetFileSecurityA
GetSecurityInfo
GetMultipleTrusteeOperationA
GetMultipleTrusteeA
GetLengthSid

gdi32

GetPolyFillMode
GetROP2
SetRelAbs
GetPixelFormat
StartPage
GetPixel
GetPath
GetClipBox
GetPaletteEntries
SetWindowOrgEx

ws2_32

setsockopt
socket
recv
connect

ntdll

RtlGetProcessHeaps
RtlGetCallersAddress
RtlGetAce
RtlFreeHandle
RtlFormatMessage
NtCreateTimer
NtCreateMutant
NtContinue
NtClearEvent
NtCancelTimer
NtCancelIoFile

Exports

Exports

koulmg

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b220741c787714ece881e3924fcf3622

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

gdi32

ws2_32

ntdll

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 71KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 71KB

.reloc
Size: 1KB - Virtual size: 1KB