20ee0403e5f55470f2e884a51845461d

Sharing

Copy URL Twitter E-mail

General

Target

20ee0403e5f55470f2e884a51845461d
Size

459KB
MD5

20ee0403e5f55470f2e884a51845461d
SHA1

3c2c1086727a9158824031f258270f1a3adaaefd
SHA256

b6f7a05c3c09749811b2c78eacd9130a9fcaba38075c8bf88761c8bcf977ea55
SHA512

138fee3abc85536bd9d8afd464bd1ece2af53cb51a2e6911e7ebf557eb361bfafe466b789b72d235f599fdbe8cb0598b96feff21474ac6cecec197ef86b5dd02
SSDEEP

6144:MJ2jWZAkNVMciETLsFr/2Pgf70mGlVkuhH7FWBwPW13zc9bEUomcjNNIXi5C5a:NxdXKLqr/2Pk7LibhHoqPWAlRcjEgC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ee0403e5f55470f2e884a51845461d

Files

20ee0403e5f55470f2e884a51845461d
.exe windows:4 windows x86 arch:x86

6207f0d401026fd96ab67357f27b9c22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PageSetupDlgW
ChooseColorA

shell32

SHInvokePrinterCommandW
SHFileOperation

advapi32

RegReplaceKeyA
CryptCreateHash
AbortSystemShutdownA
InitializeSecurityDescriptor
LookupPrivilegeDisplayNameA
LookupAccountSidW
CryptSetProviderA

kernel32

VirtualQuery
GetProfileSectionA
GetTimeZoneInformation
IsValidCodePage
SetUnhandledExceptionFilter
GetModuleHandleA
SetEnvironmentVariableA
MultiByteToWideChar
WriteFile
GetEnvironmentStringsW
MapViewOfFileEx
InterlockedExchange
ExitProcess
TlsFree
LCMapStringA
TlsGetValue
HeapSize
GetOEMCP
GetLocaleInfoW
QueryPerformanceCounter
RtlUnwind
HeapAlloc
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
CompareStringA
GetUserDefaultLCID
VirtualFree
HeapReAlloc
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FindResourceW
SetHandleCount
LocalAlloc
HeapDestroy
TlsSetValue
GetStdHandle
GetLastError
HeapFree
FreeEnvironmentStringsA
UnhandledExceptionFilter
Sleep
GetCurrentProcess
CompareStringW
GetProcAddress
GetSystemTimeAsFileTime
GetVersionExA
GetTickCount
GetProcessHeap
WideCharToMultiByte
GetStartupInfoA
InterlockedIncrement
GetStringTypeA
TerminateProcess
TlsAlloc
IsValidLocale
FreeEnvironmentStringsW
GetACP
HeapCreate
LCMapStringW
GetStringTypeW
InterlockedDecrement
SetConsoleCtrlHandler
GetCurrentThread
GetCPInfo
GetCurrentProcessId
GetEnvironmentStrings
ExpandEnvironmentStringsW
VirtualAlloc
LoadLibraryA
FreeLibrary
EnumSystemLocalesA
InitializeCriticalSection
WritePrivateProfileStringW
GetDateFormatA
GetCommandLineA
GetModuleFileNameA
GetTimeFormatA
GetLocaleInfoA
GetFileType

gdi32

SetWindowOrgEx
SetSystemPaletteUse
StartDocA
SetBitmapDimensionEx
GetCharWidth32W
CreateColorSpaceW
CreatePenIndirect
CreateBrushIndirect
GetEnhMetaFileW
WidenPath
GetDCOrgEx
GetEnhMetaFileDescriptionW
GetOutlineTextMetricsA
CopyEnhMetaFileW
RestoreDC
Pie
CreateFontW
StretchBlt
CombineRgn
GetKerningPairsW
ExtFloodFill
GetMetaFileBitsEx
LPtoDP

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6207f0d401026fd96ab67357f27b9c22

Headers

File Characteristics

Imports

comdlg32

shell32

advapi32

kernel32

gdi32

Sections

.text Size: 154KB - Virtual size: 154KB

.rdata Size: 9KB - Virtual size: 22KB

.data Size: 280KB - Virtual size: 280KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 154KB - Virtual size: 154KB

.rdata
Size: 9KB - Virtual size: 22KB

.data
Size: 280KB - Virtual size: 280KB

.rsrc
Size: 14KB - Virtual size: 14KB