587371ce4d46e6496c4514ca7473068a

Sharing

Copy URL Twitter E-mail

General

Target

587371ce4d46e6496c4514ca7473068a
Size

96KB
MD5

587371ce4d46e6496c4514ca7473068a
SHA1

0308331d2ddc956f1790fc3ec79b47d17c21f04d
SHA256

45fe5494493ae832b9d0011f5edcf424c2d6e97f8f256d188a5513090d9b2331
SHA512

b8955b240d3b2eb006d903e497e06e377a1f4787354428f32ab44906b9df02c8abd33419e6a300fc049bfa43e19bc5b41bb505fc6863d9536bb66db87fb6a3a3
SSDEEP

1536:ThdA5+7nqA/kqdRZCbn8cItnUQ1z1XaBzPVbSGhYolpIHLffUydN4N:ThGU7Lcjbn8B2yRaBr1xD/IHwydSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
587371ce4d46e6496c4514ca7473068a

Files

587371ce4d46e6496c4514ca7473068a
.exe windows:4 windows x86 arch:x86

99e789b8477d7a447f5b5d471e7d4ccb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

shlwapi

SHStrDupA
PathGetCharTypeA
SHGetValueA
SHEnumValueA
PathFileExistsA
PathIsContentTypeA
SHQueryInfoKeyA

kernel32

GetEnvironmentStrings
GetACP
SetEndOfFile
GetCommandLineA
GetModuleFileNameA
GetVersion
VirtualFree
FindFirstFileA
GetLocalTime
GetDiskFreeSpaceA
GetProcessHeap
LocalReAlloc
ExitThread
LoadLibraryA
FindClose
SetEvent
GetCurrentProcess
lstrcpynA
MoveFileA
VirtualAllocEx
MoveFileExA
lstrcpyA
CreateFileA
GetTickCount
GetLastError
GlobalAddAtomA
DeleteCriticalSection
GlobalDeleteAtom
SetErrorMode
lstrlenA
LoadLibraryExA
CloseHandle
RaiseException
GetLocaleInfoA
CreateThread
FreeLibrary
VirtualQuery
GlobalAlloc
GetThreadLocale
WriteFile
SetFilePointer
LockResource
WaitForSingleObject
GetCurrentThreadId
HeapDestroy
GetModuleHandleA
VirtualAlloc
DeleteFileA

user32

LoadCursorA
CharNextW
SetWindowsHookExA
EmptyClipboard
GetKeyboardState
GetMenu
GetWindowTextA
GetActiveWindow
SetMenu
GetDC
GetKeyNameTextA
InsertMenuItemA
GetKeyboardLayoutNameA
DispatchMessageW
DestroyMenu
SetActiveWindow
LoadStringA
UnhookWindowsHookEx
InvalidateRect
TrackPopupMenu
GetWindowPlacement
ClientToScreen
DeleteMenu
GetDlgItem
IsWindowVisible
KillTimer
BeginPaint
DispatchMessageA
EnumThreadWindows
CallWindowProcA

ole32

StgCreateDocfileOnILockBytes
StgOpenStorage
OleRun

version

GetFileVersionInfoSizeA
VerFindFileA
VerQueryValueA

oleaut32

SysFreeString
RegisterTypeLib
SafeArrayGetElement
OleLoadPicture
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
VariantChangeType

msvcrt

strcmp
wcscspn
strlen
malloc
fabs
abs
memmove
wcsncmp
tan

gdi32

CopyEnhMetaFileA
BitBlt
CreateFontIndirectA
CreatePalette
CreatePenIndirect

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 603B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

99e789b8477d7a447f5b5d471e7d4ccb

Headers

File Characteristics

Imports

comdlg32

shlwapi

kernel32

user32

ole32

version

oleaut32

msvcrt

gdi32

Sections

CODE Size: 29KB - Virtual size: 28KB

.tls Size: 1024B - Virtual size: 603B

.rdata Size: 65KB - Virtual size: 65KB

CODE
Size: 29KB - Virtual size: 28KB

.tls
Size: 1024B - Virtual size: 603B

.rdata
Size: 65KB - Virtual size: 65KB