4b5d8a1de702b6a112c8c67ef28d0e13

General

Target

4b5d8a1de702b6a112c8c67ef28d0e13
Size

215KB
MD5

4b5d8a1de702b6a112c8c67ef28d0e13
SHA1

c7771f401951efc711a67239d20660adc0fc2942
SHA256

c5a058dd464452fb7089f0fe7603a845f64861e73f669ec9e932b2ed39f681bc
SHA512

92bd32483d14b367a70707535476ff973e31cb10ccba8a7a35dff59b6738015460e7ad698a0d543ea80072f5a6d2d9c287d7bfdf2cf491d8fedc94e79202f0ff
SSDEEP

3072:cSGVYhvpRVGE0Fr6oedM4oAmElQY9/ujoucRSzDgAUaK3zQqlhvZ1SSm8:cSG8Nar6LToW9mbcRSZUaK3Myx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5d8a1de702b6a112c8c67ef28d0e13

Files

4b5d8a1de702b6a112c8c67ef28d0e13
.dll windows:4 windows x86 arch:x86

5c53bb10d5d8dc774c94aba10c0f96a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHStrDupA
SHQueryValueExA
SHGetValueA
SHDeleteValueA
SHEnumValueA
SHQueryInfoKeyA
PathIsContentTypeA
SHDeleteKeyA

comctl32

ImageList_Remove
ImageList_Write
ImageList_Add

version

GetFileVersionInfoA

kernel32

GlobalAddAtomA
SetEvent
GlobalFindAtomA
GetFileType
GetModuleFileNameA
VirtualAllocEx
GetModuleHandleA
ExitProcess
GetDateFormatA
ExitThread
ReadFile
LoadLibraryA
GetProcAddress
LocalReAlloc
GetCommandLineA
lstrlenA
VirtualFree
VirtualAlloc

advapi32

RegQueryValueExA
RegEnumValueA
RegDeleteValueA

shell32

SHGetDiskFreeSpaceA
SHGetFileInfoA
Shell_NotifyIconA

user32

FrameRect
SetScrollPos
GetKeyboardLayoutList
EnumThreadWindows
DrawIcon
GetSystemMetrics
IsWindowEnabled
GetActiveWindow
CharLowerA
EnableWindow
SetWindowLongW
GetCursor
RemoveMenu
GetMenuItemID
GetDlgItem
GetMenu
ShowWindow
DestroyIcon

gdi32

CreateFontIndirectA
GetDCOrgEx
BitBlt

Sections

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c53bb10d5d8dc774c94aba10c0f96a4

Headers

File Characteristics

Imports

shlwapi

comctl32

version

kernel32

advapi32

shell32

user32

gdi32

Sections

CODE Size: 27KB - Virtual size: 26KB

.data Size: 170KB - Virtual size: 286KB

DATA Size: 2KB - Virtual size: 2KB

BSS Size: 13KB - Virtual size: 12KB

.reloc Size: 1024B - Virtual size: 630B

CODE
Size: 27KB - Virtual size: 26KB

.data
Size: 170KB - Virtual size: 286KB

DATA
Size: 2KB - Virtual size: 2KB

BSS
Size: 13KB - Virtual size: 12KB

.reloc
Size: 1024B - Virtual size: 630B