388846c7fef14dc7935cc59127f920d1

Sharing

Copy URL

Twitter E-mail

General

Target

388846c7fef14dc7935cc59127f920d1
Size

374KB
MD5

388846c7fef14dc7935cc59127f920d1
SHA1

93e9e0688448289b5d75dd67383912dbf4e0e9c4
SHA256

2529ca02f16076404c6f461b85e7c352d5af83fa4e0b398708356f111619fe5e
SHA512

aeb8f9886fc70f33be3f154d870362340dac4ecd6301501ebae6eeb5f43c86ff3929e1645bceb446e7419d909e1098b0c55d01d978c42e232ecb4b327c5fc41e
SSDEEP

6144:zKGpq0GqE9njvRXY1+1aTOWlgCpG2TfqN4m1vQy0BhLL0k1dC1AarOftLu9n4:zzNSvqoYTLlc5f1X0BhLhP2AOYtK9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
388846c7fef14dc7935cc59127f920d1

Files

388846c7fef14dc7935cc59127f920d1
.exe windows:4 windows x86 arch:x86

44c69027a2558550a63f0eddcce98e48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
ReadConsoleInputA
GetVersionExW
CreateEventA
QueryPerformanceCounter
GetProcessShutdownParameters
HeapAlloc
LoadLibraryA
GetCurrentThread
ExitProcess
InitializeCriticalSectionAndSpinCount
LockResource
GetEnvironmentVariableW
VirtualQueryEx
InterlockedExchange
GetTickCount
CompareStringA
GetModuleHandleA
FindResourceExA
TransactNamedPipe
RtlUnwind
TerminateProcess
GetModuleFileNameA
HeapReAlloc
lstrlenW
GetCurrentThreadId
VirtualAlloc
SetComputerNameA
GetProcAddress
LocalReAlloc
GetCurrentProcess
HeapFree
ConnectNamedPipe
GetModuleHandleW
FindFirstFileExA
GetCurrentProcessId
VirtualQuery
CreateThread
GetConsoleTitleW
GetSystemTimeAsFileTime

shell32

ExtractIconExA
SHChangeNotify
DragQueryFileA
SHGetSpecialFolderLocation
DragQueryPoint
ShellHookProc
SHGetSettings
DragAcceptFiles
DragQueryFileW
ShellAboutA
SHFreeNameMappings
ExtractAssociatedIconW
SHQueryRecycleBinW
SHBrowseForFolderA
SHAppBarMessage
SHInvokePrinterCommandW
RealShellExecuteA
DragFinish
SheSetCurDrive
SHFileOperationA
ShellAboutW
RealShellExecuteExW
DoEnvironmentSubstA

gdi32

StretchBlt
CreateCompatibleDC
Pie
StretchDIBits
GetTextMetricsW
CreatePatternBrush
GetCharWidth32A
CreateCompatibleBitmap
DeleteMetaFile
CopyMetaFileA
ExtFloodFill
GetStockObject
CreateDIBPatternBrush
GetMapMode
EnumFontsA

advapi32

CryptSignHashA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
CryptGetDefaultProviderA
CryptSetProvParam
RegLoadKeyA
LookupAccountNameW
InitializeSecurityDescriptor
RegSaveKeyW
RegQueryMultipleValuesA
CryptGetHashParam
CryptCreateHash
RegEnumKeyExW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44c69027a2558550a63f0eddcce98e48

Headers

File Characteristics

Imports

kernel32

shell32

gdi32

advapi32

Sections

.text Size: 96KB - Virtual size: 96KB

.data Size: 266KB - Virtual size: 266KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 96KB

.data
Size: 266KB - Virtual size: 266KB

.rsrc
Size: 10KB - Virtual size: 9KB