64ab4ed76004cb38b8adcf83c44103b5

Sharing

Copy URL Twitter E-mail

General

Target

64ab4ed76004cb38b8adcf83c44103b5
Size

540KB
MD5

64ab4ed76004cb38b8adcf83c44103b5
SHA1

dbdf5ceccb686c1450b5e26511280ce656447728
SHA256

1f79f2cd2b9b978054b77baf1c40d78bdba8cca434917ad498bad158c360f8e4
SHA512

0d7d7dda81f3a4cda3970778cb67635657af86271c55541217fc5258063fca8e9618a78726207225c169dda1cd1d22a2603f84a03b2349be53c268cd896cacb5
SSDEEP

12288:csvVh5qnPUCGrMDcGBLY20rh/Sc25g0qwfDDMMnMMMMMteRBYx:csvVhoPirifNY2G6c8g0qmXMMnMMMMMR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64ab4ed76004cb38b8adcf83c44103b5

Files

64ab4ed76004cb38b8adcf83c44103b5
.exe windows:4 windows x86 arch:x86

cb249df189dfa3c98bf1de65f8a10dad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyW
RegSetValueExW
CheckTokenMembership
RegOpenKeyExA
AllocateAndInitializeSid
RegQueryValueExW
RegQueryValueExA
RegOpenCurrentUser
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
RegQueryValueW
FreeSid

ntdll

RtlAddAuditAccessAceEx

atl

AtlModuleRegisterClassObjects

ddraw

DirectDrawCreate

kernel32

TerminateProcess
GetStdHandle
LocalAlloc
HeapDestroy
GetCurrentThreadId
TlsGetValue
QueryPerformanceCounter
FindResourceExW
SizeofResource
lstrcmpiA
TlsAlloc
FreeLibrary
HeapAlloc
GetFileSize
VirtualQuery
IsBadWritePtr
GetVersionExA
GlobalUnlock
DeleteCriticalSection
CreateThread
GetTickCount
EnumResourceLanguagesW
FindResourceW
InitializeCriticalSection
DisableThreadLibraryCalls
InterlockedExchange
UnmapViewOfFile
GetModuleFileNameA
GetModuleHandleA
GetLocaleInfoW
CreateFileW
GetSystemDefaultLCID
WriteFile
GetTimeFormatW
MapViewOfFile
GlobalHandle
CompareStringW
LocalSize
TlsSetValue
GetStringTypeA
FindResourceExA
LeaveCriticalSection
FreeEnvironmentStringsA
GetModuleFileNameW
GetCPInfo
GetEnvironmentStringsW
lstrlenW
GetNumberFormatW
GetProcAddress
CompareStringA
GetCurrentProcessId
TlsFree
SetLastError
SetEvent
IsBadReadPtr
GetSystemTimeAsFileTime
lstrcpynW
InterlockedCompareExchange
VirtualAlloc
FreeEnvironmentStringsW
GetOEMCP
LoadResource
GetThreadLocale
GetWindowsDirectoryW
SetUnhandledExceptionFilter
VirtualProtect
FlushFileBuffers
HeapCreate
InterlockedDecrement
GetStringTypeW
GlobalReAlloc
lstrlenA
LoadLibraryW
CreateEventW
GetUserDefaultLCID
GetLastError
GetSystemInfo
GetStartupInfoA
EnumCalendarInfoW
GetProcessHeap
SetStdHandle
SetHandleCount
LoadLibraryA
GetStringTypeExW
GetLocaleInfoA
MultiByteToWideChar
lstrcmpW
GetLocalTime
FreeResource
GetACP
EnterCriticalSection
GetFileType
GetModuleHandleW
LocalFree
UnhandledExceptionFilter
GetCommandLineA
GetDateFormatW
GlobalAlloc
Sleep
GetUserDefaultLangID
InterlockedIncrement
MulDiv
ExitProcess
VirtualFree
SetFilePointer
WaitForSingleObject
LockResource
GlobalAddAtomW
LocalReAlloc
lstrcmpA
GetCurrentProcess
GlobalFree
CloseHandle
HeapFree
HeapReAlloc
GetEnvironmentStrings
LCMapStringA
CreateFileMappingW
LCMapStringW
WideCharToMultiByte
lstrcmpiW

gdi32

RectVisible
CreatePatternBrush
GetBkColor
GetObjectW
SetDIBColorTable
UnrealizeObject
Polyline
GetTextExtentPointA
GetViewportExtEx
SetBkMode
GetPixel
CreateDIBSection
CreateHalftonePalette
GetTextCharsetInfo
GetNearestColor
CreatePalette
SetWindowOrgEx
GetClipBox
GetTextMetricsW
SetTextColor
GetDIBits
DeleteObject
CreateBitmapIndirect
Arc
IntersectClipRect
ExtTextOutW
FrameRgn
CreateRoundRectRgn
ExcludeClipRect
GetWindowExtEx
CreateCompatibleBitmap
StretchDIBits
LineTo
MaskBlt
SetDIBits
CreateSolidBrush
SetBkColor
Rectangle
GetTextAlign
CreateCompatibleDC
RealizePalette
ExtTextOutA
OffsetWindowOrgEx
SetTextAlign
GetCharWidthW
TextOutW
CreatePen
SelectObject
GetDCOrgEx
MoveToEx
PatBlt
BitBlt
GetCurrentObject
CreateFontW
GetTextColor
SetPixel
CreateRectRgnIndirect
CombineRgn
GetDIBColorTable
GetClipRgn
ExtSelectClipRgn
GetStockObject
OffsetRgn
StretchBlt
TranslateCharsetInfo
SelectClipRgn
Ellipse
GetDeviceCaps
FillRgn
CreateRectRgn
SelectPalette
CreateFontIndirectW
SetBrushOrgEx
CreateBitmap
SaveDC
EnumFontFamiliesExW
DeleteDC
GetPaletteEntries
GetTextExtentPointW
GetBitmapBits
GetTextExtentPoint32W
RestoreDC
GetCharWidthA
SetPixelV
CreatePolygonRgn

Sections

.text
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb249df189dfa3c98bf1de65f8a10dad

Headers

File Characteristics

Imports

advapi32

ntdll

atl

ddraw

kernel32

gdi32

Sections

.text Size: 4KB - Virtual size: 924B

.rdata Size: 432KB - Virtual size: 429KB

.data Size: 12KB - Virtual size: 2.0MB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 4KB - Virtual size: 924B

.rdata
Size: 432KB - Virtual size: 429KB

.data
Size: 12KB - Virtual size: 2.0MB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 80KB - Virtual size: 77KB