18a425f00e8d1e1084a42e80b6ab7113

Sharing

Copy URL

Twitter E-mail

General

Target

18a425f00e8d1e1084a42e80b6ab7113
Size

76KB
MD5

18a425f00e8d1e1084a42e80b6ab7113
SHA1

9c8ff0bc7935d50d669e31b3cb6623a23e7f443d
SHA256

bddc212ad99db3b5c9b67a014a76614a7239a19ec3d6764afeae3b5ceeb497c4
SHA512

449538087a36fd52fe5f349ebe2acdf15cd41d7a3736c13b513fec8924729e6b70cc5b179d6dc804a2794c32b24c7f1504821e9ed8ccbbccc1bd047c0c77bd72
SSDEEP

1536:5kp50xHYeGh8wD04WMvsJSDq+JlNkrAaDEIo2m28fUbBHtGmF0W:s0xHYeGh8ww4WMvmSDX3AmA88bBZ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18a425f00e8d1e1084a42e80b6ab7113

Files

18a425f00e8d1e1084a42e80b6ab7113
.exe windows:4 windows x86 arch:x86

7eee251ce8fac55ec18f97af3ad69fdd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BindIoCompletionCallback
CloseHandle
CompareStringW
CreateMailslotA
DebugActiveProcess
EndUpdateResourceW
EraseTape
ExitProcess
FindFirstChangeNotificationA
GetCalendarInfoW
GetCommandLineA
GetDefaultCommConfigW
GetEnvironmentStringsA
GetFileAttributesA
GetFileSizeEx
GetModuleHandleA
GetNamedPipeHandleStateA
GetProfileStringW
GetStartupInfoA
GetStringTypeExA
GetStringTypeExW
GetSystemDefaultLCID
GetUserDefaultLangID
GetVersionExA
GetVolumeNameForVolumeMountPointA
GlobalGetAtomNameW
HeapAlloc
HeapCreate
HeapFree
InitAtomTable
IsProcessorFeaturePresent
LocalSize
LockResource
MultiByteToWideChar
PulseEvent
SetCommTimeouts
SetLocalTime
SetMailslotInfo
SetThreadExecutionState
UnhandledExceptionFilter
UpdateResourceW
VirtualUnlock
_lopen
lstrcpynA

user32

ScrollWindowEx
SetClassLongA
ScreenToClient
ReleaseDC
RegisterWindowMessageA
PostQuitMessage
MsgWaitForMultipleObjects
IsZoomed
GetWindowDC
GetUpdateRgn
GetScrollInfo
GetFocus
GetCapture
EndPaint
EnableWindow
SetWindowLongA
SetWindowPos
UpdateWindow
EnableMenuItem
DrawFrameControl
DrawEdge
DefFrameProcA
CreateIconIndirect
CheckMenuRadioItem
BeginPaint
BeginDeferWindowPos
SetFocus

advapi32

OpenSCManagerW
QueryServiceConfig2A
ObjectCloseAuditAlarmA
LsaFreeMemory
InitiateSystemShutdownExW
EncryptFileW
ElfBackupEventLogFileA
DeregisterEventSource
CryptSignHashW
CryptGetKeyParam
CryptExportKey
CryptCreateHash
CryptAcquireContextA
CreateWellKnownSid
ConvertToAutoInheritPrivateObjectSecurity
ConvertStringSDToSDRootDomainA
ConvertSecurityDescriptorToAccessNamedA
CloseEncryptedFileRaw
AllocateLocallyUniqueId
AbortSystemShutdownA
QueryServiceConfig2W
StartServiceCtrlDispatcherW
RegReplaceKeyA
SetTraceCallback
SetAclInformation

olepro32

OleLoadPicture
OleCreateFontIndirect

oleacc

GetRoleTextA
GetStateTextW
ObjectFromLresult

security

VerifySignature
FreeContextBuffer
QueryContextAttributesA
QuerySecurityPackageInfoW

comctl32

ImageList_Write
CreateStatusWindowA
DrawStatusTextW
FlatSB_SetScrollProp
GetEffectiveClientRect
ImageList_BeginDrag
ImageList_DragLeave
ImageList_EndDrag
ImageList_GetImageRect
ImageList_SetIconSize
ImageList_SetImageCount
PropertySheetA

oledlg

OleUIAddVerbMenuA
OleUIAddVerbMenuW
OleUIInsertObjectA

comdlg32

ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
PrintDlgA
PrintDlgExW
ReplaceTextA
PrintDlgW

Sections

.text
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7eee251ce8fac55ec18f97af3ad69fdd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

olepro32

oleacc

security

comctl32

oledlg

comdlg32

Sections

.text Size: 45KB - Virtual size: 48KB

.data Size: 27KB - Virtual size: 28KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 48KB

.data
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB