5bfabfbe689fe2ecb0145bc93f4c27b4

Sharing

Copy URL Twitter E-mail

General

Target

5bfabfbe689fe2ecb0145bc93f4c27b4
Size

111KB
MD5

5bfabfbe689fe2ecb0145bc93f4c27b4
SHA1

0164b2bcaae65915be8dec62441d960f7d123232
SHA256

5863fcd8f26fa47b68a5c0e7f62fbbcc00e58e3b4be79a25a87f9d04017c3676
SHA512

171a3b5ec89362d6a3fab57a1229f53b0d901c40d2e9b6cf453e8621754539bc6d55e383a7a889817a855f88eafb81e36d243d54f950347b0be53a271ae96f9d
SSDEEP

1536:NxMLDgCl9Do3qTWPnJ3iBSXAmkR6+wj+J0HPmiY0WoEVKsvzRbVJB:DuDz9DoY0AZHJ0H+EbcH/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bfabfbe689fe2ecb0145bc93f4c27b4

Files

5bfabfbe689fe2ecb0145bc93f4c27b4
.exe windows:5 windows x86 arch:x86

5d21efd71d594b82219666764fbaa21a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetFileTime
VirtualProtect
UnhandledExceptionFilter
GetStartupInfoA
RaiseException

user32

DispatchMessageA
DestroyCursor
PtInRect
MapWindowPoints
wsprintfA
CheckMenuItem
WaitMessage
SetTimer
KillTimer
GetScrollPos
CallWindowProcA
GetSysColor

msvcrt

puts
__getmainargs
memcmp
_wcsupr
_vsnwprintf
_except_handler3
_XcptFilter
_stat
_acmdln
fputs
__p__commode
sqrt
__p__fmode
__set_app_type
_getch
exit
_initterm
_adjust_fdiv
_fileno
__setusermatherr

shell32

SHGetFileInfoA
SHChangeNotify
SHFileOperationA
SHGetFolderLocation
DragQueryFileA
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteExA
ExtractIconExA

comctl32

ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_DragEnter
ImageList_SetBkColor
ImageList_ReplaceIcon
CreatePropertySheetPageW
ImageList_GetBkColor
ImageList_DrawEx
ImageList_Draw
DestroyPropertySheetPage
ImageList_EndDrag
ImageList_DragLeave

ole32

CoInitialize
CoFreeUnusedLibraries
IsAccelerator
ProgIDFromCLSID
CoReleaseMarshalData
CoGetClassObject
CoInitializeEx
OleFlushClipboard

advapi32

OpenThreadToken
DeregisterEventSource
InitiateSystemShutdownA
CloseServiceHandle
RegQueryValueExA
GetTokenInformation
RegOpenKeyExW
FreeSid
AddAccessAllowedAce
DeleteService
RegQueryValueA
RegDeleteKeyA

oleaut32

CreateErrorInfo
SafeArrayGetUBound
SysReAllocStringLen
VariantInit
SetErrorInfo
VariantCopyInd
SafeArrayPutElement
SafeArrayRedim

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d21efd71d594b82219666764fbaa21a

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

shell32

comctl32

ole32

advapi32

oleaut32

Sections

.text Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 25KB - Virtual size: 25KB