24afbfa5f38517f1a6f5f9da5130e750

Sharing

Copy URL Twitter E-mail

General

Target

24afbfa5f38517f1a6f5f9da5130e750
Size

158KB
MD5

24afbfa5f38517f1a6f5f9da5130e750
SHA1

e4dfbfc0025a61a5da83d2a02b9f8874e6343999
SHA256

3c87f083cce3031646299223f11eebd802ae97d5d100da16b6246995e40e372d
SHA512

b4867cf4e57cd0319a37092d2dc2c223b46db2d3fb48c9e7b3de66a3fbf28d5c8dea78b3d2dbab7396bc6e41c0891ba26aace27f39525f137e46c40b47564758
SSDEEP

3072:h3jxPGORgz8idNx8H5N8NdExmcRimNR8MgSLEs+qpje7JpsSlUGCC7LnSN:FxP9mz8wnM5N8nE1RPN7WsAFtUs0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24afbfa5f38517f1a6f5f9da5130e750

Files

24afbfa5f38517f1a6f5f9da5130e750
.exe windows:1 windows x86 arch:x86

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
TerminateProcess
GetEnvironmentStringsW
Module32First
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetTimeFormatA
GetStartupInfoA
ResetEvent
GetConsoleMode
HeapCreate
VerLanguageNameA
TerminateThread
CreateFileA
SetLastError
ReadProcessMemory
GetSystemDirectoryA
SetFilePointer
GetProcessHeap
GetModuleHandleA
WaitForSingleObject
GetStringTypeW
GetTickCount
lstrcmpiA

user32

DestroyWindow
DefMDIChildProcA
DrawMenuBar
DeleteMenu
DrawIconEx
IsDialogMessageA
ScreenToClient
IsDlgButtonChecked
GetWindowRect
ReleaseDC
MoveWindow
ShowWindow
SetWindowPos
SetTimer
MessageBoxA
BeginPaint
InvalidateRect
GetDlgCtrlID
GetKeyState
GetClassNameA
DefFrameProcA

gdi32

GetTextExtentPoint32A
CreateSolidBrush
SaveDC
ExtTextOutA
RectInRegion
CreatePen
LineTo
GetObjectA
SelectObject
SetTextColor
DeleteObject
EndPage
SetBkColor
RestoreDC
StartDocA
MoveToEx
GetStockObject
GetBkColor
SetTextAlign

msvcrt

putc
swprintf
_ismbcl2
_mbsrchr
_safe_fprem1
_safe_fdiv
__set_app_type
_gmtime64
__setusermatherr
_adj_fptan
__p__commode
_setjmp
_get_osfhandle
__p__fmode
_purecall
atof
_chmod
_beep
_adj_fdivr_m32i
_wrmdir
_mktime64
_exit
_adjust_fdiv
_wfopen
wcspbrk
_except_handler3
memcpy
_XcptFilter
_scwprintf
_controlfp
_getmbcp
_initterm
_pipe
_acmdln
_snwscanf
exit
__getmainargs

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 184KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 184KB

.rsrc
Size: 127KB - Virtual size: 126KB