22244216f763e7807b05a5af686c3986

Sharing

Copy URL

Twitter E-mail

General

Target

22244216f763e7807b05a5af686c3986
Size

92KB
MD5

22244216f763e7807b05a5af686c3986
SHA1

07e1044b599fc6ef6c613e41e4444303283026a2
SHA256

cb0436c8b269194183d381bc7519602f13c15870eb65cf9826ebc149fea59f5c
SHA512

c406959bdd50e51d4faaaa78fde9464e35077efb51266f06415256fc8b56c656a7e11d9dd39426619e4f14ecd7fbd5e544257b2bd9aa16d2047869cfbc355427
SSDEEP

1536:RnBSeM0l7hTg/9kdus2aHNq1YVVq/WyCOsfN733hp86g9/VN8DYnKtaVQZJ/B40:RnBdhkmTVHw1YVA/0V7HLU/V+DR0qZc0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22244216f763e7807b05a5af686c3986

Files

22244216f763e7807b05a5af686c3986
.exe windows:5 windows x86 arch:x86

f9b7e975d3ba833974c7e8147f644bae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExA
DuplicateIcon

gdiplus

GdipAddPathStringI
GdipAddPathString
GdipNewPrivateFontCollection
GdipGetPathLastPoint
GdipAddPathLineI
GdipGetVisibleClipBoundsI
GdipCreateBitmapFromScan0
GdipAddPathPath
GdipIsOutlineVisiblePathPoint
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePointI
GdipNewInstalledFontCollection

kernel32

ResetWriteWatch
CreateIoCompletionPort
GetSystemInfo
ReadFileEx
GetFileSize
SetCommBreak
SetCommConfig
CopyFileW
GetFileSizeEx
DeleteFileW
DeleteFileA
HeapReAlloc
HeapAlloc
GetCommandLineA
FatalAppExitW
GetModuleHandleA
CloseHandle
HeapFree
GetModuleHandleExW
GlobalLock
LocalFlags
GetEnvironmentStrings
LocalShrink
IsProcessorFeaturePresent
GetWriteWatch
IsDBCSLeadByte
GlobalUnlock
GetProcAddress

user32

GetMessageA
ExitWindowsEx
PtInRect
RegisterHotKey
ExcludeUpdateRgn
UnregisterHotKey
ScrollWindowEx
DispatchMessageA
ShowScrollBar
EnableScrollBar
SendMessageCallbackW
BroadcastSystemMessageW
InvalidateRect
SetRect
TranslateMessage
GetScrollRange

advapi32

LogonUserA
RegOpenKeyA
QueryServiceConfigA
RegOpenKeyExW
RegConnectRegistryW
AbortSystemShutdownA
GetTokenInformation
SetThreadToken
OpenServiceA

Exports

Exports

_LoadImages@4
_ReleaseBitmap@8
_UpdateControls@8

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9b7e975d3ba833974c7e8147f644bae

Headers

DLL Characteristics

File Characteristics

Imports

shell32

gdiplus

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 160B

.pdata Size: 512B - Virtual size: 512B

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 160B

.pdata
Size: 512B - Virtual size: 512B

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 512B - Virtual size: 316B