5c139cc5cca0b79cccf1c9c397b34060

Sharing

Copy URL Twitter E-mail

General

Target

5c139cc5cca0b79cccf1c9c397b34060
Size

210KB
MD5

5c139cc5cca0b79cccf1c9c397b34060
SHA1

84c528614b203a044728189cebf7d69cb8be3154
SHA256

29b5be3144fdfd37422e55431af990c57965c56bceb71faf48e99fb4973be342
SHA512

36721426951eb383ebdbd90c9b2291a39a47de942af8d7472069fbef1298ce6a704c148842e5a53e2a819561e43b0100d2ddfd37fe8112d20f1104fa0ee1519c
SSDEEP

3072:tl434Rcsf7jul/P9S/pE8341FY3DSsNstk1UX+BaJ57ClyjlmCGrR+JyCwjMoG6:tDDjO39+uy41YDSTuBafClyBmCcjMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c139cc5cca0b79cccf1c9c397b34060

Files

5c139cc5cca0b79cccf1c9c397b34060
.exe windows:4 windows x86 arch:x86

4f306e2ea28baf699e416ba5a6c7b000

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
ExtractAssociatedIconW
ExtractIconW
SHAppBarMessage
SHBindToParent
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteEx
ShellExecuteExA

comctl32

CreateStatusWindowA
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_SetIconSize

kernel32

DeleteCriticalSection
DeleteFileW
GetEnvironmentVariableA
GetFileSize
GetSystemTime
GlobalAlloc
IsBadCodePtr
LoadResource
SizeofResource
VirtualProtect
lstrcpynA

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CopySid
CryptCreateHash
CryptDestroyHash
DeleteService
GetLengthSid
GetSecurityDescriptorDacl
LookupPrivilegeValueW
OpenServiceW
OpenThreadToken
QueryServiceStatus
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

gdi32

Arc
ArcTo
BitBlt
CopyMetaFileW
CreateDIBPatternBrushPt
CreateEnhMetaFileA
CreateFontIndirectA
CreateFontIndirectW
CreatePalette
CreateRectRgn
DeleteMetaFile
Ellipse
EnumEnhMetaFile
FillRgn
GetClipRgn
GetNearestPaletteIndex
GetTextAlign
MaskBlt
RealizePalette
RectVisible
SetAbortProc
SetBkMode
SetDIBitsToDevice
SetMapMode
SetTextJustification
TextOutA
TranslateCharsetInfo

user32

CreateWindowExA
DestroyCursor
DrawTextA
EndPaint
EnumWindows
GetCapture
GetKeyboardType
GetMenu
GetWindow
PtInRect
RedrawWindow
ReleaseDC

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

YGO3JCLS
Size: 512B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f306e2ea28baf699e416ba5a6c7b000

Headers

File Characteristics

Imports

shell32

comctl32

kernel32

advapi32

gdi32

user32

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 99KB - Virtual size: 98KB

.rsrc Size: 18KB - Virtual size: 17KB

YGO3JCLS Size: 512B - Virtual size: 120KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 99KB - Virtual size: 98KB

.rsrc
Size: 18KB - Virtual size: 17KB

YGO3JCLS
Size: 512B - Virtual size: 120KB