28d40a7990af25bdf3ec374c85efc9d0

General

Target

28d40a7990af25bdf3ec374c85efc9d0
Size

173KB
MD5

28d40a7990af25bdf3ec374c85efc9d0
SHA1

cb232d2d0873a5092f5b3e221a650053347a3307
SHA256

9465b6e78299e9d9218827c48ff35ba083922a0387ed7f039bd09b5d39c2f046
SHA512

11365efca579be1e94f70abf4514f203aa386187099c337f57d2731595eb75c43492f6d39ef3da724639fdd7b397b619f472c9c38fff254275cd53b2f997b1be
SSDEEP

3072:9zPtwcopw1YaS8WUNR5t3Q2dvIhBbowvdZB053SEbTDmLa9rM19RkljxG:VPtwNwHFNPtkrTB2SgXGa9rgRuG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d40a7990af25bdf3ec374c85efc9d0

Files

28d40a7990af25bdf3ec374c85efc9d0
.exe windows:5 windows x86 arch:x86

ec208745602fb861aebdad27dca49e23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
CreateThread
LoadLibraryA
ExpandEnvironmentStringsW
lstrlenW
InterlockedExchangeAdd
CloseHandle
GlobalAlloc
Sleep
WaitForSingleObject
GetCurrentThread
CloseHandle
SetUnhandledExceptionFilter
VirtualProtect
GetVersionExA
HeapAlloc
GetACP
SleepEx
QueryPerformanceCounter
GetPriorityClass
CreateFileW
GetVolumeNameForVolumeMountPointW
GetDateFormatW
GlobalAlloc
CreateEventW
GetWindowsDirectoryW
HeapSize
EnterCriticalSection
LocalAlloc

mspadhlp

_FInf
_FSnan
_LInf
_LDenorm
_Toupper
_Xbig
_Stod

user32

GetWindowTextW
DestroyWindow
CreateAcceleratorTableW
DrawTextExW
UnhookWindowsHookEx
GetDesktopWindow
GetClientRect
CharUpperW
RegisterClipboardFormatW
IsWindowVisible
ShowWindow
UnregisterClassA
LoadIconW
MessageBoxW
IsChild
DefWindowProcW
MessageBeep
FindWindowW
CreateWindowExW
InvalidateRect
GetCursorPos
CharNextW
FrameRect
LockSetForegroundWindow
IsWindowEnabled

ntdll

NtQueryInformationFile
NtQueryDirectoryFile
NtOpenDirectoryObject
NtOpenSemaphore
NtQuerySystemTime
NtOpenEventPair
NtOpenMutant
NtCancelTimer
NtOpenSection

msvcrt

exit
_exit
wcstol
__set_app_type
_purecall
__getmainargs
_cexit

gdi32

AddFontResourceW
PatBlt

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec208745602fb861aebdad27dca49e23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mspadhlp

user32

ntdll

msvcrt

gdi32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 118KB - Virtual size: 120KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 118KB - Virtual size: 120KB