2a15ae4d03a3e9b52931666450d6459a

Sharing

Copy URL

Twitter E-mail

General

Target

2a15ae4d03a3e9b52931666450d6459a
Size

108KB
MD5

2a15ae4d03a3e9b52931666450d6459a
SHA1

9d2c23e3e47be3a61633a5ba3eca3fd96b2e3976
SHA256

e75d4f913e7039de4c896e205ae00c713962a09876a63b639517758892905c77
SHA512

067a9dd917cfe257ce3db4b1206750bdf12b0c7415170d8a56c5344b6425e8bbd55ad73d33f04cb9c5ab96d4c153d48340b89063f47521d778709ed6ad152c0d
SSDEEP

3072:mkU5tIX/E/54SGKwfYUzUFCfeZ9ef6WuQKG:phc/LhXeflu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a15ae4d03a3e9b52931666450d6459a

Files

2a15ae4d03a3e9b52931666450d6459a
.exe windows:4 windows x86 arch:x86

55a493a4cf8c3a8df2940b3254000d6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetFileTime
WideCharToMultiByte
FreeEnvironmentStringsA
GetFileType
LocalAlloc
DuplicateHandle
IsDBCSLeadByte
GetModuleHandleA
QueryPerformanceCounter
CompareStringW
VirtualProtect
SetHandleCount
GetDateFormatA
GetStartupInfoA
SetErrorMode
GetDriveTypeA

msvcrt

__p__fmode
_mktemp
_adjust_fdiv
__setusermatherr
_acmdln
_get_osfhandle
_except_handler3
srand
__p__commode
__set_app_type
abort
_XcptFilter
_assert
exit
log
__getmainargs
_isatty
_initterm
ungetc

user32

UpdateWindow
DestroyWindow
TrackPopupMenu

gdi32

GetObjectA
StretchBlt
SetTextAlign
CreateEllipticRgn
IntersectClipRect
GetPaletteEntries
InvertRgn
OffsetViewportOrgEx
Escape
FillRgn
SetPixel
SetViewportOrgEx
GetEnhMetaFilePaletteEntries
GetRgnBox
Ellipse

oleaut32

SysAllocStringLen
SafeArrayGetElement
VariantClear
SafeArrayRedim
GetActiveObject
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SysAllocStringByteLen
SafeArrayGetUBound

version

VerFindFileW
VerInstallFileA
VerQueryValueW
VerInstallFileW
GetFileVersionInfoSizeA
VerLanguageNameA
GetFileVersionInfoW

ole32

CoTaskMemAlloc
CreateBindCtx
CreateItemMoniker
StgOpenStorage
OleIsCurrentClipboard
CoRegisterClassObject
CLSIDFromString
StgOpenStorageOnILockBytes
StringFromCLSID
OleUninitialize

comctl32

ImageList_SetBkColor
ImageList_Write
ImageList_ReplaceIcon
PropertySheetW
CreateToolbarEx
ImageList_SetIconSize
InitializeFlatSB
ImageList_DrawEx
ImageList_GetBkColor
ImageList_DragEnter

advapi32

OpenSCManagerW
CheckTokenMembership
DeleteService
RegCreateKeyA
AllocateAndInitializeSid
OpenProcessToken
CryptReleaseContext
AddAccessAllowedAce
RegQueryInfoKeyA
RegOpenKeyA
EqualSid
CopySid

shell32

SHGetMalloc
SHGetFileInfoA
ExtractIconA
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteEx
SHFileOperationW

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a493a4cf8c3a8df2940b3254000d6a

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

oleaut32

version

ole32

comctl32

advapi32

shell32

Sections

.text Size: 51KB - Virtual size: 51KB

.data Size: 40KB - Virtual size: 40KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 51KB - Virtual size: 51KB

.data
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 15KB - Virtual size: 15KB