1be36e999ac7cf02f6c7a2e0dae021d2

Sharing

Copy URL Twitter E-mail

General

Target

1be36e999ac7cf02f6c7a2e0dae021d2
Size

532KB
MD5

1be36e999ac7cf02f6c7a2e0dae021d2
SHA1

dba03c33018d5ac56622da479741d616aa9e8fa7
SHA256

18a9c474a5a98d9945254e11f517876a7f6b34e788c24ab7af6b749965d29aeb
SHA512

3d4987a52971ba062575085d6c6972548dd030d9f7ee04f321513692b69eaf68dbb545181d7bcb844ba5aaa0af80b93e6186e39d6bb173ba8443559ca3c76a8b
SSDEEP

6144:JXdlW2COGVwUFKiBpkswRlrz65dNFyb95R+/CKnvr8bViEM5gMo7eAzd/iE/2tUY:Jq2+xcCF07+1nT8Aqx/iaSEdIbHus

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1be36e999ac7cf02f6c7a2e0dae021d2

Files

1be36e999ac7cf02f6c7a2e0dae021d2
.exe windows:4 windows x86 arch:x86

e6ce454bd058b73d270554bc5f444330

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutReset
mmioWrite
mciSetYieldProc
waveOutSetVolume
midiInGetErrorTextW
waveOutUnprepareHeader
midiInGetID
mixerClose
mciGetDeviceIDA
mixerMessage
midiInClose
aux32Message
midiInUnprepareHeader
waveOutWrite
mmTaskCreate

kernel32

SetCommTimeouts
SetEnvironmentVariableW
SetEvent
LoadLibraryA
GetProcAddress
UnregisterWait
GetModuleHandleA
GetSystemTime
IsValidLocale
GetVersion
GetHandleInformation
VirtualAlloc
GetStartupInfoA
ExitProcess

user32

TileChildWindows
CheckRadioButton
LoadCursorFromFileA
GetDlgItem
GetWindowModuleFileNameA
GetUserObjectInformationW
GetCursor
GetClassLongA

gdi32

SetBitmapBits
StartDocW
AddFontResourceExA
CreateEnhMetaFileW
CreateDIBPatternBrushPt
Pie
SetMiterLimit
SetColorAdjustment
GetNearestPaletteIndex
CombineRgn
OffsetRgn
GdiPlayScript
SetStretchBltMode
ExtSelectClipRgn
SetTextJustification
ExtFloodFill
GetMetaRgn
GetClipRgn
GdiFlush
GetEnhMetaFilePaletteEntries
CreateDIBSection

shell32

SHUpdateRecycleBinIcon
StrRStrIA
CheckEscapesW
StrRStrIW
DoEnvironmentSubstW
SheGetDirA
StrCmpNIW
ord179
DragQueryFileA
SHBrowseForFolderA
ExtractIconExW

comctl32

ImageList_GetIconSize
ord16
FlatSB_SetScrollInfo

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerFindFileA
VerInstallFileA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW

winspool.drv

StartDocPrinterW
SetFormA
FreePrinterNotifyInfo
XcvDataW
ord205
StartPagePrinter
DeletePrinterDataW
EnumPortsW
ConfigurePortW
GetPrinterDriverW
AddPrintProvidorW
EndDocPrinter
EnumPrinterDataW
AddPrinterDriverW
ord215
ord208
StartDocDlgA
DeviceMode
AddPrintProcessorW
SetPortW
AddPrinterDriverExA
AdvancedDocumentPropertiesA
DeleteMonitorW
ord204

msvcrt

_wmkdir
fread
_safe_fprem1
_strncoll
fmod
fwprintf
_wexecvpe
ftell
__p___argv
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
fclose
fprintf
_unlink
sprintf
_ismbbkpunct
feof
memset
fsetpos
fputc
signal
_ltoa
fopen
_controlfp
__dllonexit
_onexit
fflush
ferror
_atodbl
fseek
bsearch
fwrite
_wfopen
fputs
isspace
_exit
_mbsnbcpy
wcsncmp
printf

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e6ce454bd058b73d270554bc5f444330

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

shell32

comctl32

version

winspool.drv

msvcrt

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 484KB - Virtual size: 480KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 484KB - Virtual size: 480KB