645088d3514d8c0ae0aea19eb1b77094

Sharing

Copy URL Twitter E-mail

General

Target

645088d3514d8c0ae0aea19eb1b77094
Size

88KB
MD5

645088d3514d8c0ae0aea19eb1b77094
SHA1

b2a02f36500cb83d5c6d1ea24bfbdff559764aa7
SHA256

9537d550c75bf0c0ddceab052fd9ee47b1edbe58f27f0995087a115287e4ad14
SHA512

2cb94049783469b540f256ed4069ced41a468c26a8dca6a718c5c7deb3a22f6d3b14d9702ab2d2289cd8f16effbab8ff89cdf6185fe14640c97d20fd6330e316
SSDEEP

1536:zkC6wifSzAZ6tX2ZhXZeol7CQQJuWrD0GMX:zkC6rqz3tX2ZBZeg7IJuWrD0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
645088d3514d8c0ae0aea19eb1b77094

Files

645088d3514d8c0ae0aea19eb1b77094
.exe windows:1 windows x86 arch:x86

a383cfbc65ea7b983d5de5ab524084a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
CreateThread
GlobalFree
InitializeCriticalSection
CreateSemaphoreA
GetLastError
GlobalAddAtomA
ResumeThread
SetEvent
WaitForSingleObject
ResetEvent
Sleep
EnterCriticalSection
LeaveCriticalSection
ExitThread
FreeLibrary
CreateEventA
GlobalGetAtomNameA
GetTickCount
GlobalDeleteAtom
LoadLibraryA
GetProcAddress
lstrcpynA
GetModuleFileNameA
GlobalAlloc
GlobalLock
lstrlenA
lstrcatA
lstrcpyA
GlobalUnlock
GetModuleHandleA
GetStartupInfoA
OpenEventA
CloseHandle
GetCurrentThreadId
DeleteCriticalSection

user32

SetWindowPos
GetDlgItem
ReleaseDC
GetWindow
SetFocus
GetCursorPos
DestroyWindow
GetMenuState
SendMessageA
MessageBeep
DefDlgProcA
DefWindowProcA
SetForegroundWindow
GetSubMenu
ClientToScreen
TrackPopupMenu
SetDlgItemTextA
GetDC
GetSystemMenu
ModifyMenuA
EnableMenuItem
GetMenu
CheckMenuItem
ShowWindow
UpdateWindow
PostQuitMessage
LoadCursorA
RegisterClassA
LoadAcceleratorsA
GetMessageA
IsWindow
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterWindowMessageA
KillTimer
SetTimer
PostMessageA
EnableWindow
MessageBoxA
SetWindowTextA
wsprintfA
SendDlgItemMessageA
DestroyIcon
CreateDialogParamA
LoadStringA
GetWindowRect
EndDialog
GetDlgItemTextA

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

awlft332

ord50
ord52
ord101
ord51

awfxrn32

ord23
ord17
ord20
ord51
ord52
ord50
ord54
ord53
ord56
ord21
ord22
ord13
ord15
ord19
ord16
ord14
ord12
ord32
ord18
ord31

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA

msvcrt20

_controlfp
_except_handler3
__p__fmode
__p__commode
__getmainargs
_initterm
__p__acmdln
exit
_XcptFilter
_exit
sscanf
realloc
strncpy
malloc
free

Exports

Exports

About
WndProc

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 87B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a383cfbc65ea7b983d5de5ab524084a4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

version

awlft332

awfxrn32

advapi32

msvcrt20

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 5KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 4KB - Virtual size: 87B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 8KB - Virtual size: 12KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 4KB - Virtual size: 87B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 8KB - Virtual size: 12KB