28024553f791e90ad8e13d894bc8e91a

Sharing

Copy URL Twitter E-mail

General

Target

28024553f791e90ad8e13d894bc8e91a
Size

534KB
MD5

28024553f791e90ad8e13d894bc8e91a
SHA1

daaad89f52bfb2631adebbef93acce70ff4c001b
SHA256

a7bf55e75cb0d3bd7e429c4a3d6d4b6152727f9d32b98318f4b208c8191945fa
SHA512

c236ceab1317f3d4e9619bfa5ffd23fc31a3e86b9636d28e5ce94d89ea27e4eb04c0f7ec0e8b31fdddfb28967348084f5798a9e1928962453fe303c57e961b63
SSDEEP

6144:hnSy+G+WIsn/uR/WytG+Ym8zNpqAS6E1oVqMBmBnAmnxvH7BpdyiNOI68bMjBh98:hT+G+Wl/ultHYm6G6EoPmxVyiNOJ846

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28024553f791e90ad8e13d894bc8e91a

Files

28024553f791e90ad8e13d894bc8e91a
.exe windows:4 windows x86 arch:x86

41eaaaa75d2b5f06a72e0f26b88139c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontW
GetFileTitleW
GetSaveFileNameA

comctl32

InitCommonControlsEx

kernel32

CreateFileW
CompareStringA
TerminateProcess
UnhandledExceptionFilter
EnterCriticalSection
GetCommandLineW
HeapFree
SetFilePointer
InterlockedIncrement
VirtualFree
GetModuleFileNameW
ReadConsoleInputA
GetEnvironmentStrings
SetHandleCount
LoadResource
GetModuleFileNameA
LoadLibraryA
WaitForDebugEvent
TlsAlloc
HeapDestroy
TlsSetValue
FreeEnvironmentStringsA
InitializeCriticalSection
QueryPerformanceCounter
WriteFile
LCMapStringA
GetVersion
InterlockedExchange
GetProcAddress
GetSystemTime
FreeEnvironmentStringsW
EnumDateFormatsW
ReadFile
HeapAlloc
GetLastError
GetStartupInfoW
WaitForSingleObjectEx
GetLocalTime
VirtualAlloc
LeaveCriticalSection
GetWindowsDirectoryW
TlsGetValue
GetStringTypeW
CloseHandle
SetLastError
GetStdHandle
GetFileType
IsBadWritePtr
GetSystemTimeAsFileTime
CreateMutexA
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
AllocConsole
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
FlushFileBuffers
GetCPInfo
GetCurrencyFormatW
HeapReAlloc
GetCurrentThread
ExitProcess
GetCurrentThreadId
GetTimeZoneInformation
RtlUnwind
InterlockedDecrement
SetStdHandle
VirtualQuery
LCMapStringW
GetStringTypeA
DeleteCriticalSection
OpenMutexA
CompareStringW
GetEnvironmentStringsW
GetTickCount
GetStartupInfoA
SetEnvironmentVariableA
TlsFree
HeapCreate

user32

ChangeDisplaySettingsA
GetComboBoxInfo
ImpersonateDdeClientWindow
GetScrollInfo
RegisterClassA
CopyRect
RegisterClassExA
DrawTextA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
CryptExportKey
RegLoadKeyA
LookupAccountSidW
RegSetValueExW

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41eaaaa75d2b5f06a72e0f26b88139c7

Headers

File Characteristics

Imports

comdlg32

comctl32

kernel32

user32

advapi32

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 59KB - Virtual size: 82KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 59KB - Virtual size: 82KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 20KB - Virtual size: 20KB