Static task: static1
Behavioral task: behavioral1
  Sample: 36d3773068ec1f1a97b031e2d50ec546.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 36d3773068ec1f1a97b031e2d50ec546.exe
  Resource: win10v2004-20231215-en
General
Target: 36d3773068ec1f1a97b031e2d50ec546
Size: 1000KB
MD5: 36d3773068ec1f1a97b031e2d50ec546
SHA1: 2e1b458cf8afbc19259c5afcf968565fc61b6248
SHA256: 1f7ca683faccf15b43cd62f416a4b9a0b3b4e894d2873276f9731a8e8aa0b155
SHA512: 7860b3f3d0bd0143fe559c9777aae8864d40a278cf9837670e9d9ef4f387bb23c2e620368095627337cddbc8e9fe9b61addbc822323b7baabf2888184a20225c
SSDEEP: 24576:o5c5zhVy5W5gXe5/S4q5J35j5NisDPF0qqr3XQ29om3:CGzhCYgQ/S4cJp1NisDdyLp97
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 36d3773068ec1f1a97b031e2d50ec546
Files
36d3773068ec1f1a97b031e2d50ec546.exe windows:5 windows x86 arch:x86
7aea87d7a929bd4f6afff396e4013e4c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msacm32
acmMetrics
msvcrt
_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
__setusermatherr
msimg32
GradientFill
kernel32
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileTime
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileIntW
GetProcAddress
GetProcessHeap
GetShortPathNameW
GetStartupInfoW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetUserDefaultLangID
GlobalAddAtomW
GlobalDeleteAtom
FindClose
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
lstrlenA
lstrlenW
MulDiv
MultiByteToWideChar
GetDriveTypeW
QueryPerformanceCounter
RaiseException
ReadFile
ResetEvent
ResumeThread
SetErrorMode
SetEvent
SetFileAttributesW
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
GetVersion
InitializeCriticalSection
GetTickCount
LoadLibraryA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
ExpandEnvironmentStringsW
EnterCriticalSection
DisconnectNamedPipe
DeviceIoControl
DeleteCriticalSection
CreateFileW
CreateEventW
CreateDirectoryW
CompareFileTime
CloseHandle
CallNamedPipeW
ExitProcess
GetOEMCP
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameA
FormatMessageW
FlushFileBuffers
FindResourceW
FindResourceExW
OutputDebugStringW
FindFirstFileW
GlobalGetAtomNameW
user32
UpdateWindow
TranslateMessage
SystemParametersInfoW
SetWindowLongW
SetTimer
SetRectEmpty
SetCursor
SendMessageW
SendMessageTimeoutW
RemoveMenu
RegisterWindowMessageW
RedrawWindow
PostMessageW
PeekMessageW
OffsetRect
MsgWaitForMultipleObjects
MapWindowPoints
LoadIconW
LoadCursorW
KillTimer
IsWindowVisible
IsWindowEnabled
IntersectRect
InsertMenuW
InflateRect
GetWindowRect
GetSystemMenu
GetParent
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetKeyState
GetFocus
GetDlgItem
GetClassInfoW
FrameRect
FindWindowExW
EnableWindow
DispatchMessageW
DestroyAcceleratorTable
DeleteMenu
DefWindowProcW
CharUpperW
CharPrevW
AppendMenuW
GetWindowLongW
CopyRect
gdi32
SetBkColor
SelectObject
GetStockObject
GetObjectW
ExtTextOutW
CreateSolidBrush
CreatePatternBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBrushOrgEx
advapi32
GetLengthSid
GetFileSecurityW
GetAclInformation
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AddAce
AddAccessAllowedAce
AccessCheck
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
MapGenericMask
MakeSelfRelativeSD
MakeAbsoluteSD
GetSecurityDescriptorControl
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
GetTokenInformation
GetSidSubAuthority
GetSidLengthRequired
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RevertToSelf
shell32
StrRChrW
DragAcceptFiles
StrChrW
SHGetFileInfoW
ShellExecuteExW
ole32
CoCreateInstance
CoUninitialize
OleRun
oleaut32
GetErrorInfo
shlwapi
PathAppendW
PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW
PathSkipRootW
PathStripToRootW
StrToIntW
PathIsURLW
PathIsRootW
PathIsUNCServerShareW
PathIsUNCServerW
PathFindExtensionW
PathIsUNCW
Sections
.text Size: 424KB - Virtual size: 422KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sif Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 548KB - Virtual size: 546KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ