226b216ae244da8187c1aea72b8e2d80

Sharing

Copy URL

Twitter E-mail

General

Target

226b216ae244da8187c1aea72b8e2d80
Size

128KB
MD5

226b216ae244da8187c1aea72b8e2d80
SHA1

d6a45fca1366e5da5d24116bed754c1985d28f9c
SHA256

39aa076841b31f68a5ad66365830695448a6c37f368e63674d0dcb431198cc26
SHA512

645e5a0a373d3189932eba64389810f67205469d9c82fd512f9fb94703e288d76eaeae7324374906252f5c28aa7edb78cf636fd4daafcd4a9ad7255546c84ded
SSDEEP

3072:xLOWjQvhgdWed4l3R4D1ksC7KAD+HDIFTkneJOhw89eq/VYh:xF3d4WFOFTknM84Iy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
226b216ae244da8187c1aea72b8e2d80

Files

226b216ae244da8187c1aea72b8e2d80
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

ab172e510dff4e4b33afd9a808e2afb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateFontW

shell32

SHEmptyRecycleBinW
DragAcceptFiles
SHGetSettings

kernel32

CloseHandle
CreateFileW
DeviceIoControl
ExitProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GlobalAlloc
GlobalFree
InterlockedExchangeAdd
IsBadHugeWritePtr
LoadLibraryA
OutputDebugStringA
QueryPerformanceCounter
RtlUnwind
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
GlobalReAlloc

user32

GetSystemMetrics
GetWindowRect
LoadCursorW
LoadIconW
MoveWindow
PackDDElParam
PostQuitMessage
RegisterDeviceNotificationW
ReleaseCapture
SendMessageW
SetCapture
GetMessageW
GetClientRect
SetMenuItemInfoW
ShowWindow
TranslateAcceleratorW
TranslateMessage
UnregisterDeviceNotification
EndDialog
DispatchMessageW
DdeCreateDataHandle
CreateDialogParamW
GetMenuInfo
GetMenu
SetCursor
GetDlgItem
SetDeskWallpaper

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Create

msvcrt

__p__commode
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
__mb_cur_max
_cexit
_commit
_controlfp
_errno
_exit
_fileno
_iob
_isatty
_ismbblead
_itoa
_lseeki64
_read
_snprintf
_wcsicmp
calloc
exit
ferror
free
isdigit
isleadbyte
ispunct
iswctype
isxdigit
malloc
mbtowc
memset
mktime
realloc
ungetc
wcstombs
wctomb
__lc_collate_cp
__getmainargs
__badioinfo
_XcptFilter
_amsg_exit

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Exports

Exports

ADeviceGetCaps
BeginExternalBackup
CreateTempFile
Restore
RicheditStreamOut

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab172e510dff4e4b33afd9a808e2afb1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

shell32

kernel32

user32

comctl32

msvcrt

setupapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 29KB - Virtual size: 31KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 29KB - Virtual size: 31KB

.rsrc
Size: 2KB - Virtual size: 2KB