23977279291aee66d129db4f8d8eb813

Sharing

Copy URL Twitter E-mail

General

Target

23977279291aee66d129db4f8d8eb813
Size

431KB
MD5

23977279291aee66d129db4f8d8eb813
SHA1

97f15503a6c8ae8710532d9484eeea3838db4780
SHA256

d7801dca87218f06e4624d61a2e5059a26d5d62f6b42586d3de21109e3fe7bc9
SHA512

e8dfd2e3c6637263c94ddef05af799aea927c6412d1a50388fe0bac00723791b4e6c80f8e82f80afe29a3b32b722bc525c6cbb74b07854feef5c29268412bccb
SSDEEP

12288:8GoKjZjAjP4FpSN0O1ZF0CY31MTHxyEmY34eIskIJ:8UZUseFjFgQ0jK4vsk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23977279291aee66d129db4f8d8eb813

Files

23977279291aee66d129db4f8d8eb813
.exe windows:4 windows x86 arch:x86

a56232b31d2f7877ff1c1e7434467a83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

RealShellExecuteW
SHQueryRecycleBinW
SHEmptyRecycleBinA
SHBrowseForFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHUpdateRecycleBinIcon
ExtractAssociatedIconW
InternalExtractIconListW
SHFileOperationA
DragQueryPoint
SHGetFileInfoA
ShellExecuteW
SHGetNewLinkInfo
InternalExtractIconListA
SHLoadInProc
SHInvokePrinterCommandA
SheChangeDirA
FindExecutableA
SHInvokePrinterCommandW
SHGetInstanceExplorer
SheSetCurDrive
SHGetPathFromIDListW
SHAddToRecentDocs

gdi32

GetCharABCWidthsW

user32

GetCursorPos
TileWindows
SendDlgItemMessageA
ActivateKeyboardLayout
SetMenuDefaultItem
SendIMEMessageExW
SetProcessWindowStation
MsgWaitForMultipleObjectsEx
EnumDisplaySettingsA

comdlg32

PageSetupDlgA
ReplaceTextA
LoadAlterBitmap
GetFileTitleW
ChooseFontW
ChooseColorW
PrintDlgA
ReplaceTextW
PageSetupDlgW
FindTextW
FindTextA
PrintDlgW
GetOpenFileNameA
GetSaveFileNameA

kernel32

InterlockedIncrement
TlsSetValue
HeapFree
GetCurrentThread
LoadLibraryA
GetCurrentProcess
SetHandleCount
GetCurrentThreadId
GetEnvironmentStrings
InterlockedExchange
GetUserDefaultLCID
UnhandledExceptionFilter
VirtualLock
ExitProcess
CompareStringW
GetLastError
QueryPerformanceCounter
HeapSize
SetConsoleCtrlHandler
LeaveCriticalSection
EnumSystemLocalesA
GetStdHandle
GetProcAddress
HeapReAlloc
WideCharToMultiByte
TlsAlloc
HeapDestroy
GetTimeFormatA
SetEnvironmentVariableA
CompareStringA
ReadConsoleOutputAttribute
GetVersionExA
EnumDateFormatsW
VirtualFree
VirtualAlloc
MultiByteToWideChar
TerminateProcess
GetCommandLineW
FreeEnvironmentStringsW
WriteFile
FreeLibrary
HeapCreate
ResetEvent
IsValidLocale
FreeEnvironmentStringsA
GetDateFormatA
GetCurrentProcessId
GetModuleHandleA
GetOEMCP
GetEnvironmentStringsW
GetLocaleInfoW
IsValidCodePage
GetACP
RtlUnwind
SetUnhandledExceptionFilter
OpenProcess
WritePrivateProfileStructW
GetTickCount
GetStartupInfoA
TlsGetValue
IsDebuggerPresent
GetStringTypeW
GlobalFindAtomW
VirtualQuery
EnumTimeFormatsW
GetProcessHeap
LCMapStringW
GetLocaleInfoA
GetSystemTimeAsFileTime
TlsFree
GetCPInfo
GetFileType
SetLastError
GetStringTypeA
InitializeCriticalSection
InterlockedDecrement
GetTimeZoneInformation
HeapAlloc
Sleep
GetModuleFileNameA
EnterCriticalSection
DeleteCriticalSection
LCMapStringA
GetCommandLineA

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 310KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a56232b31d2f7877ff1c1e7434467a83

Headers

File Characteristics

Imports

shell32

gdi32

user32

comdlg32

kernel32

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 310KB - Virtual size: 334KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 310KB - Virtual size: 334KB

.rsrc
Size: 4KB - Virtual size: 3KB