1b97a0bae8ec413df4abf52806164053

General

Target

1b97a0bae8ec413df4abf52806164053
Size

52KB
MD5

1b97a0bae8ec413df4abf52806164053
SHA1

17cb9dad595d7fa007aa6c75a511642f2b77af6e
SHA256

a7dfcfd4c10aa87d4ef2ed7cdaab248be39923104e335df15bcc57eea5183dcf
SHA512

8372c2558756dfb8343399ae673ffa2ac90b85611a7844546c60d8d6fec1688329c32bfdc4e2e42f55bb9a816cca4b1b023439c6fee0011987db0ab7afa22227
SSDEEP

768:FO9MvozPJD0RNYWvhtbhN0OPVaJxUdHwbf2YzXsH2UkfTYcHa8lXKZkKk+GEjHZT:A9vx+7tN0ewDVj3TsyYc6NVkREjlr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b97a0bae8ec413df4abf52806164053

Files

1b97a0bae8ec413df4abf52806164053
.exe windows:4 windows x86 arch:x86

ca3aed8b5d679665ff0eb63fcea10496

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FindNextChangeNotification
SetEvent
MoveFileW
CreateThread
VirtualAlloc
FindNextFileW
FindResourceExW
ResetEvent
TerminateThread
GetFileAttributesExW
GetCurrentThread
CreateProcessW
FindFirstChangeNotificationW
GetCurrentThreadId
FindResourceW
GetFileAttributesW
GlobalLock
ReadFile
DuplicateHandle
LockResource
GetProcAddress
FindFirstFileW
lstrcpyW
MulDiv
SizeofResource
LoadLibraryW

user32

GetKeyState
DestroyMenu
GetDlgItem
LoadStringW
GetWindowTextW
EndDialog
SetLayeredWindowAttributes
MessageBoxW
FillRect
SetCursor
RegisterWindowMessageW
DispatchMessageW
CreateWindowExW
SetCursorPos
GetMessageW
TranslateMessage
PostQuitMessage
CreatePopupMenu
GetWindowThreadProcessId
SetWindowTextW
GetParent
SystemParametersInfoW
PostMessageW
SendMessageW

gdi32

CreateSolidBrush
SelectObject
GetClipBox
DeleteDC
BitBlt
CreateFontIndirectW
LineTo
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameW
RegCreateKeyExW
SetSecurityDescriptorDacl
StartServiceW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca3aed8b5d679665ff0eb63fcea10496

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 996B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 996B