27e090ab1183ae2e7954314dec993c4c

Sharing

Copy URL

Twitter E-mail

General

Target

27e090ab1183ae2e7954314dec993c4c
Size

1.9MB
MD5

27e090ab1183ae2e7954314dec993c4c
SHA1

5b63b1e5e5760820577f2474e7af440fd08a390b
SHA256

13454801eafb713b63ba2a5696cb6f5bd93573e498a4662cee8c0deac44fed51
SHA512

488503b1ecf4496d0a36e1be7e333bbfbfd7177f6e221e087b233a1648c4adf0309464f2cae274497855994de27b1251efb135a537f88f39378877c4bf533ac3
SSDEEP

6144:q31sGWESj5m6VmwtiBwINYP6J23vy4+UROT+8Lp4I+nrtCKM+WgYdMY9dQQrRPF:q3Kljk6ti6i1c/PPv8/gCdMmdPrRPF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e090ab1183ae2e7954314dec993c4c

Files

27e090ab1183ae2e7954314dec993c4c
.exe windows:5 windows x86 arch:x86

9ce0a64ae5b189a8dceb0a74f5d0775e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmMetrics

msvcrt

_controlfp
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__set_app_type
__setusermatherr
memset

kernel32

ExitProcess
DeleteCriticalSection
IsValidCodePage
InitializeCriticalSection
EnterCriticalSection
GetTickCount
CreateFileA
LeaveCriticalSection
CreateFileW
CreateMutexW
GetStartupInfoA
GetModuleHandleA
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetErrorMode
GetCommandLineA
LoadLibraryA
CreateProcessA

user32

DrawTextExW
DrawStateW
DrawTextW
GetSysColor
GetKeyState
ExitWindowsEx
EnableWindow
EmptyClipboard

gdi32

FrameRgn
SetTextJustification
SetTextColor
SetBkMode
SetBkColor
SelectObject
RectVisible
PtVisible
MoveToEx
LineTo
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
GetObjectW
GetDeviceCaps
GetCurrentObject
Escape
FillRgn
ExtTextOutW
DeleteObject

winspool.drv

DocumentPropertiesW
EnumPrintersW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
RegGetKeySecurity
RegLoadKeyW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegSetKeySecurity
RegFlushKey
RegUnLoadKeyW

ole32

CoUninitialize

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifx
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ce0a64ae5b189a8dceb0a74f5d0775e

Headers

File Characteristics

Imports

msacm32

msvcrt

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

Sections

.text Size: 424KB - Virtual size: 422KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 648B

.ifx Size: 4KB - Virtual size: 3KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 424KB - Virtual size: 422KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 648B

.ifx
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB