585dd8d226f68b2b52b9c7de3e8ecacf

Sharing

Copy URL Twitter E-mail

General

Target

585dd8d226f68b2b52b9c7de3e8ecacf
Size

172KB
MD5

585dd8d226f68b2b52b9c7de3e8ecacf
SHA1

05809ddac8ef404b0c2e85a1864355214f36377b
SHA256

5f9d3485c59d7288be07a3c1a83c98cee53fdc8594b48748414860f00603830b
SHA512

d79780c4c59c447efb2655dd4fad87bc49989a2af058b103d6739bb4d688c0999338c22995c978163e1e11f5037bf1ce9fc08024436983441bfaace6b7a95a6d
SSDEEP

3072:whB9hlJX4ufpZw0RgtEMNBoy4BMBT21dtSpXhAj/WfUJnuPlmiGL+GWFhz:wh/99ZrRgt3yyYMBaHcXgufUJuUclhz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
585dd8d226f68b2b52b9c7de3e8ecacf

Files

585dd8d226f68b2b52b9c7de3e8ecacf
.exe windows:5 windows x86 arch:x86

ff891c25f3a088977755c00426a7cdfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

ShellAboutA
SHGetDesktopFolder
ShellExecuteExA
FindExecutableW
SHAppBarMessage
SHInvokePrinterCommandW
ShellExecuteW
SHBrowseForFolder
DragAcceptFiles
ExtractIconW
SHGetPathFromIDListW
SHGetFolderPathA
DoEnvironmentSubstW
DuplicateIcon
SHBindToParent
RealShellExecuteW
ExtractAssociatedIconW
SHChangeNotify
SHGetFolderPathW
SHFileOperationW
ExtractAssociatedIconExW
SHGetFileInfoA

gdi32

GdiEntry2
SetStretchBltMode
FONTOBJ_cGetGlyphs
SelectFontLocal
MoveToEx
EngBitBlt
GetGraphicsMode
GdiEntry11
EngLoadModule
EngStretchBlt
CreateDIBPatternBrushPt
GetStringBitmapW
GdiQueryFonts
DeleteObject
GetEnhMetaFileHeader
CopyMetaFileW
GdiPlayJournal
SetRelAbs
GetPolyFillMode
GetBkMode
EngLineTo
EnumMetaFile
EngMarkBandingSurface
GetTextCharacterExtra
DPtoLP

kernel32

SetThreadAffinityMask
SetTapePosition
CreateMutexA
GetStringTypeExA
LCMapStringA
SetEndOfFile
SwitchToFiber
DeleteTimerQueueTimer
lstrlenA
EnumCalendarInfoExA
QueryInformationJobObject
VirtualAlloc
GetProcessHeap
Module32NextW
GetConsoleAliasExesLengthW
GlobalFindAtomA
GetCommModemStatus

advapi32

CryptDestroyKey
ObjectCloseAuditAlarmW
RevertToSelf
QueryServiceLockStatusA
RegLoadKeyA
ElfDeregisterEventSource
EnumServicesStatusA
RegQueryInfoKeyA
StartServiceCtrlDispatcherW
SetNamedSecurityInfoW
RegEnumValueW
RegQueryValueExW
I_ScSetServiceBitsW
OpenBackupEventLogW
SetSecurityDescriptorGroup
EnumDependentServicesW
DeregisterEventSource
RegQueryValueExA

Sections

.bss
Size: 69KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff891c25f3a088977755c00426a7cdfd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

gdi32

kernel32

advapi32

Sections

.bss Size: 69KB - Virtual size: 215KB

.rdata Size: 47KB - Virtual size: 47KB

.text Size: 28KB - Virtual size: 27KB

.rsrc Size: 32KB - Virtual size: 31KB

.bss
Size: 69KB - Virtual size: 215KB

.rdata
Size: 47KB - Virtual size: 47KB

.text
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 32KB - Virtual size: 31KB