63bf7774dc904eebde9e52a1b101601f

Sharing

Copy URL Twitter E-mail

General

Target

63bf7774dc904eebde9e52a1b101601f
Size

182KB
MD5

63bf7774dc904eebde9e52a1b101601f
SHA1

229d346f9307f60ac292ea805dca180d3408aca2
SHA256

e26d1c2a11e87f0c39f2dfb4c464259a8e2e120a33fa1fb036cc367d88de289c
SHA512

3aa714c85684c29b7d7aee862d673c5ff979520c98b19af7b15b1f9ff939bc5b35cb31992b3e16ff9f26f8a710371d5163da0b195c859c00236383b20c5cab31
SSDEEP

3072:gfCAmcLcyENgViJp+bdjaxYWZyw/jU1BktFujZaMlPh49svxfWfFkyTGxwiAKv5L:gzLegQJs2LyqU1BktI4Mlh49svx2kUG5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63bf7774dc904eebde9e52a1b101601f

Files

63bf7774dc904eebde9e52a1b101601f
.exe windows:4 windows x86 arch:x86

7439933ee97bb1e84fcd110ef0a99bb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetCurrentProcessId
WaitNamedPipeA
CreateDirectoryW
CopyFileA
DisableThreadLibraryCalls
InterlockedDecrement
GetModuleFileNameW
DeleteFileA
OutputDebugStringW
EnterCriticalSection
CloseHandle
LocalAlloc
OutputDebugStringA
Sleep
GetLocaleInfoA
QueryPerformanceCounter
InterlockedExchange
GetThreadLocale
LocalFree
CreateFileA
GetCurrentThreadId
TerminateProcess
GetProcessAffinityMask
GetProcAddress
ReadFile
FindNextFileW
LoadLibraryW
WideCharToMultiByte
DeleteCriticalSection
SetFileAttributesA
GetTempFileNameA
GetTickCount
EnumResourceTypesW
GetSystemTime
SetFileAttributesW
MulDiv
GetACP
DeleteFileW
GetModuleFileNameA
FindFirstFileW
lstrlenW
GetLastError
WriteFile
GetTempPathA
lstrlenA
InterlockedIncrement
GetFileAttributesA
CreateDirectoryA
GetTempPathW
ReleaseMutex
InitializeCriticalSection
RemoveDirectoryW
CreateMutexA
WaitForSingleObject
GetVersionExW
LeaveCriticalSection
MultiByteToWideChar
FreeLibrary
FindClose
GetTempFileNameW
SetFilePointer
GetSystemTimeAsFileTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

OffsetRect
GetClientRect
IsRectEmpty
SetRectEmpty
CopyRect
FillRect
PeekMessageW
GetDC
TranslateMessage
ReleaseDC
DispatchMessageW
wsprintfW
GetWindowRect

advapi32

RegCloseKey
RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
RegSetValueExA
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExW
RegSetValueW
RegQueryValueExW
RegDeleteKeyA

gdi32

CreateBitmap
SelectObject
GetObjectW
SetBrushOrgEx
StretchBlt
GetObjectType
BitBlt
DeleteDC
CreateCompatibleDC
DeleteObject
CreateDCW
SetBkColor
CreateDIBSection
GetDIBits
CreateSolidBrush
CreateCompatibleBitmap
SetStretchBltMode

shlwapi

PathCombineW
PathFileExistsW
PathRenameExtensionW
PathFileExistsA
PathAddBackslashW
PathIsDirectoryW
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW

winmm

timeGetTime

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7439933ee97bb1e84fcd110ef0a99bb4

Headers

File Characteristics

Imports

kernel32

avifil32

user32

advapi32

gdi32

shlwapi

winmm

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 71KB - Virtual size: 70KB

.tls Size: 1024B - Virtual size: 76KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 71KB - Virtual size: 70KB

.tls
Size: 1024B - Virtual size: 76KB