20f00c0bdc5e3814e5c28c6732d17e38

General

Target

20f00c0bdc5e3814e5c28c6732d17e38
Size

114KB
MD5

20f00c0bdc5e3814e5c28c6732d17e38
SHA1

3ae63ea3d64b86a1adb3fb12aca922f251decfa2
SHA256

98bf12cda1708bb54b291fe16abd0fb0a58b39b60c5cdd844a450212bcde5486
SHA512

049b92e10a754ff13abc386c678bfee6378a58b6b7ad8a3453eac026fd24f969cdec132c1efb2c19ca28652ec65b611f48cb5ce8fd272058a3e5f4f21e25a4c6
SSDEEP

3072:8XlRPx+pkLUAmcITCxc12xQ/abk5Lx0DRXNG:8XzQaLhmcI+xXQ/S81AXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20f00c0bdc5e3814e5c28c6732d17e38

Files

20f00c0bdc5e3814e5c28c6732d17e38
.exe windows:4 windows x86 arch:x86

14888a89850e49920f8bbc1b4dd3ecd8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
HeapFree
FreeLibrary
SetLastError
HeapAlloc
GetFileSize
GetCommandLineA
WideCharToMultiByte
lstrcmpA
GetCPInfo
GetModuleFileNameA
CloseHandle
lstrcpyA
Sleep
GetStringTypeA
lstrcpynA
GlobalAlloc
GlobalFree
GetLastError
GetLocalTime

advapi32

RegQueryValueW
RegDeleteKeyA
RegFlushKey
RegDeleteKeyW
RegOpenKeyW
RegQueryInfoKeyA
RegQueryValueExA
RegEnumValueA
RegReplaceKeyW
RegQueryValueExW
RegCreateKeyW
RegReplaceKeyA
RegEnumKeyExW
RegEnumKeyA
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueA
RegGetKeySecurity
RegEnumValueW
RegOpenKeyExW

user32

GetWindowTextLengthA
CloseWindow
AppendMenuA
AlignRects
IsMenu
DrawTextW
LoadCursorA
GetMenu
GetDlgItem
DrawTextA
DialogBoxParamA
CalcMenuBar
IsWindow
GetDC
CopyRect
InsertMenuA
CopyImage
EndDialog
DrawIconEx

comctl32

ImageList_DragEnter
ImageList_DrawIndirect
InitCommonControls
ImageList_Merge
ImageList_Draw
ImageList_Replace
ImageList_BeginDrag
ImageList_GetDragImage
ImageList_DragMove
ImageList_GetIconSize
ImageList_LoadImage
ImageList_Destroy
ImageList_LoadImageW
ImageList_Read
ImageList_DragShowNolock
ImageList_ReplaceIcon
ImageList_Copy
ImageList_DragLeave

Sections

.orfAz
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KIwWSQ
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OnGF
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INNZE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14888a89850e49920f8bbc1b4dd3ecd8

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comctl32

Sections

.orfAz Size: 11KB - Virtual size: 11KB

.KIwWSQ Size: 95KB - Virtual size: 95KB

.OnGF Size: 1024B - Virtual size: 120KB

.INNZE Size: 2KB - Virtual size: 2KB

.orfAz
Size: 11KB - Virtual size: 11KB

.KIwWSQ
Size: 95KB - Virtual size: 95KB

.OnGF
Size: 1024B - Virtual size: 120KB

.INNZE
Size: 2KB - Virtual size: 2KB