558f68231948f65fec50c762f2b795bd

Sharing

Copy URL Twitter E-mail

General

Target

558f68231948f65fec50c762f2b795bd
Size

175KB
MD5

558f68231948f65fec50c762f2b795bd
SHA1

935068040f22c601e97043a391563d9436e4ccbc
SHA256

e720345d4c33e43fe24051abb648dbc700a876a17bf2ba9cd0d5aab2d0d53ee1
SHA512

ca7e4be40fc974a33158d40ca674aaa6d65b82ef9145c2876820c84bb58d8aa2e0a2b4357601a594a984e56b177b26e34881628e02011a132c3133dde01eed27
SSDEEP

3072:nf03j2QvYkUGlyOGzQp+Vmwzdq6KnsXK8CiBDvZ3IdliJTK/L:fAvRUsGs8UwzdYsXK8ZBDhIdliJT8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
558f68231948f65fec50c762f2b795bd

Files

558f68231948f65fec50c762f2b795bd
.exe windows:4 windows x86 arch:x86

ad712f53c8347a9f269c99df3927f918

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA

advapi32

RegSetValueW
RegOpenKeyExA
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegSetValueExW
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyA

kernel32

InterlockedIncrement
GetACP
GetTempPathW
CreateMutexA
WaitForMultipleObjects
Sleep
LocalFree
LeaveCriticalSection
OutputDebugStringA
SetFileAttributesA
EnterCriticalSection
GetModuleFileNameW
ReadFile
FindFirstFileW
lstrlenA
GetSystemTime
GetCurrentProcessId
GetTickCount
SetFileAttributesW
OutputDebugStringW
LoadLibraryW
DeleteFileW
GetCurrentThreadId
GetProcessPriorityBoost
GetFileAttributesA
GetTempFileNameW
GetLocaleInfoA
EnumResourceTypesW
CreateDirectoryW
CopyFileA
GetVersionExW
LocalAlloc
FindNextFileW
MulDiv
InterlockedDecrement
SetFilePointer
CreateFileA
RemoveDirectoryW
QueryPerformanceCounter
GetTempPathA
FreeLibrary
ReleaseMutex
DeleteFileA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetTempFileNameA
WaitForSingleObject
GetProcAddress
ExitProcess
DisableThreadLibraryCalls
DeleteCriticalSection
InterlockedExchange
WriteFile
CloseHandle
CreateDirectoryA
GetLastError
lstrlenW
GetThreadLocale
InitializeCriticalSection
FindClose
GetModuleFileNameA
GetSystemTimeAsFileTime

shlwapi

PathRenameExtensionW
PathAddBackslashW
PathAppendW
PathFileExistsW
PathIsDirectoryW
PathRemoveBackslashW
PathCombineW
PathFileExistsA
PathRemoveFileSpecW

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CoInitialize

gdi32

SelectObject
CreateSolidBrush
GetDIBits
BitBlt
DeleteDC
GetObjectW
CreateBitmap
GetObjectType
DeleteObject
CreateDCW
CreateDIBSection
StretchBlt
CreateCompatibleDC
SetBkColor
CreateCompatibleBitmap
SetBrushOrgEx
SetStretchBltMode

user32

SetRectEmpty
DispatchMessageW
IsRectEmpty
PeekMessageW
ReleaseDC
OffsetRect
GetDC
CopyRect
TranslateMessage
FillRect
wsprintfW
GetClientRect
GetWindowRect

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad712f53c8347a9f269c99df3927f918

Headers

File Characteristics

Imports

shell32

advapi32

kernel32

shlwapi

ole32

gdi32

user32

winmm

avifil32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 376KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 376KB