5a15edb89976dd16cec6fcaff72db28f

Sharing

Copy URL Twitter E-mail

General

Target

5a15edb89976dd16cec6fcaff72db28f
Size

166KB
MD5

5a15edb89976dd16cec6fcaff72db28f
SHA1

7a4080a30f48b283b6e71d7b43eb180f27cb6329
SHA256

6d3c5234f2b2f279a724da2b31ba813366a94d75e403d7834d330df20f4a72ae
SHA512

e4677928fdebf41426a8a5868d2937fc576b45b7208e68f4adabcfbecb086b80edb1288a31c9ef3d0b457e754a327cd637bb16ec77ccdfc04ca6cccc9e768a7f
SSDEEP

3072:RaGuHqnPHuPYG9D+vnFmDQ8ouGJdCspJhWsBAxYpIBH0NH:mH/D+dmDUDCmJkSsY2hQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a15edb89976dd16cec6fcaff72db28f

Files

5a15edb89976dd16cec6fcaff72db28f
.exe windows:4 windows x86 arch:x86

85ee8633b18cb277d43a2e0db3c498af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FreeResource
SetThreadLocale
GetACP
ExitProcess
SetEvent
InitializeCriticalSection
SetLastError
ReadFile
GetCommandLineA
FormatMessageA
GlobalDeleteAtom
GetModuleHandleA
GetStringTypeA
MulDiv
GetUserDefaultLCID
EnumCalendarInfoA
GlobalFindAtomA
GetCurrentProcessId
LockResource
FindClose
GetFullPathNameA
FindFirstFileA
DeleteCriticalSection
GetProcessHeap
GetProcAddress
RaiseException
GetOEMCP
VirtualAlloc
GetLocaleInfoA
GetStdHandle
GetThreadLocale
EnterCriticalSection
GetStartupInfoA
WriteFile
GetCurrentProcess
GetFileType
ExitThread
GetVersion
CloseHandle
Sleep
GetLocalTime
CompareStringA
LocalFree
GetVersionExA
GlobalAlloc
LocalAlloc
lstrcatA
GetModuleFileNameA
GetFileSize
SetEndOfFile
SizeofResource
ResetEvent
LoadLibraryExA
SetHandleCount
GetFileAttributesA
CreateThread
lstrcpyA
lstrcpynA
LocalReAlloc
SetErrorMode
GetCPInfo
VirtualAllocEx
lstrlenA
lstrcmpA
GetStringTypeW
GetEnvironmentStrings
SetFilePointer
MoveFileA
HeapFree
LoadResource
WideCharToMultiByte
HeapDestroy
HeapAlloc
GetTickCount
VirtualFree
GetDiskFreeSpaceA
GetSystemDefaultLangID
lstrcmpiA
FindResourceA
GetDateFormatA
FreeLibrary
MoveFileExA
CreateEventA
GetCurrentThread
CreateFileA
VirtualQuery
GlobalAddAtomA
DeleteFileA
LoadLibraryA
WaitForSingleObject
GetCurrentThreadId

shlwapi

PathIsDirectoryA
PathIsContentTypeA
SHStrDupA
SHQueryValueExA
PathGetCharTypeA
SHDeleteKeyA
PathFileExistsA
SHEnumValueA

oleaut32

SafeArrayGetUBound
SysStringLen
GetErrorInfo
VariantCopyInd
SysAllocStringLen
OleLoadPicture
VariantChangeType
SysReAllocStringLen
SafeArrayGetElement

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_Remove
ImageList_Read

comdlg32

ChooseColorA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

gdi32

GetDCOrgEx
GetDIBColorTable

msvcrt

mbstowcs
exit
abs
memcpy
wcschr
sprintf
memcmp
swprintf
srand
wcscspn
log
time
rand
wcsncmp
fabs
log10
memmove

user32

CheckMenuItem
EnumChildWindows
GetActiveWindow
SetWindowPos
CreateMenu
GetMenuItemID
CharLowerA
DispatchMessageW
IsChild
FindWindowA
FrameRect
GetScrollPos
DeferWindowPos
EnumWindows
GetKeyState
GetMenuItemCount
GetCursorPos
DefWindowProcA
GetParent
CharLowerBuffA
GetCursor
GetWindow
GetFocus
GetLastActivePopup

version

GetFileVersionInfoA

Sections

CODE
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 119KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85ee8633b18cb277d43a2e0db3c498af

Headers

File Characteristics

Imports

kernel32

shlwapi

oleaut32

comctl32

comdlg32

gdi32

msvcrt

user32

version

Sections

CODE Size: 43KB - Virtual size: 43KB

INIT Size: 119KB - Virtual size: 198KB

.rdata Size: 512B - Virtual size: 312B

.bss Size: 2KB - Virtual size: 1KB

CODE
Size: 43KB - Virtual size: 43KB

INIT
Size: 119KB - Virtual size: 198KB

.rdata
Size: 512B - Virtual size: 312B

.bss
Size: 2KB - Virtual size: 1KB