650a6cb1433b764e27ea59d2eca999a3

Sharing

Copy URL Twitter E-mail

General

Target

650a6cb1433b764e27ea59d2eca999a3
Size

858KB
MD5

650a6cb1433b764e27ea59d2eca999a3
SHA1

6ab26e8b41c396956ebf053c2259136a0d95df19
SHA256

8f753030de3e3dd66a6ce5017c7df9d2c96dccf4de8b2340edab32ca8a4e4d17
SHA512

ad189e551c10d3e0f620cf990ad298947f8ee10bcd11b66c622a0ffea686fd18acc5af574a47fd4ab4c5ac699768f556852b1f728636b88d730dae5b50f564ca
SSDEEP

24576:E4/fBzyNAu3V7zuWnDHDPPDozC3Dn/Qp:pBqAu3Nrn77Domz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
650a6cb1433b764e27ea59d2eca999a3

Files

650a6cb1433b764e27ea59d2eca999a3
.exe windows:4 windows x86 arch:x86

c106ebb70bcdc7b6cafa87b52c3df8a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EnumDependentServicesA
GetNumberOfEventLogRecords
GetSecurityDescriptorControl
RegFlushKey
CryptDestroyHash
AllocateAndInitializeSid
CryptGenKey
AccessCheck
AddAce
CryptEncrypt
RegUnLoadKeyA
RevertToSelf
RegConnectRegistryA
BackupEventLogA
BuildSecurityDescriptorA
RegQueryValueA
OpenEventLogA
DeregisterEventSource
QueryServiceObjectSecurity
CryptSetKeyParam
RegDeleteValueA
CryptGetKeyParam
GetMultipleTrusteeA
GetExplicitEntriesFromAclA
GetAclInformation
PrivilegeCheck
ChangeServiceConfigA
CryptHashSessionKey
CopySid
GetSecurityDescriptorOwner
FindFirstFreeAce
RegOpenKeyA
GetServiceDisplayNameA
RegSaveKeyA
IsTextUnicode
SetEntriesInAuditListA
InitializeAcl

user32

ScrollDC
GetDoubleClickTime
DdeNameService
ChildWindowFromPointEx
IsCharLowerA
GetShellWindow
GetComboBoxInfo
GetMenuItemCount
EnumClipboardFormats
SwitchToThisWindow
EnableScrollBar
ToUnicodeEx
ShowWindowAsync
DefMDIChildProcA
GetIconInfo
GetKeyboardLayoutList
CopyIcon
GetWindowRect
MsgWaitForMultipleObjects
FindWindowExA
BringWindowToTop
DdeClientTransaction
PostQuitMessage
RedrawWindow
GetClipboardFormatNameA
GetNextDlgTabItem
GetProcessDefaultLayout
DdeEnableCallback
WinHelpA
GetSystemMenu
OemToCharA
SetDebugErrorLevel
wvsprintfA
MapVirtualKeyExA
UnhookWinEvent
CreateAcceleratorTableA
DdeCreateDataHandle
MonitorFromPoint
SetScrollInfo
DrawMenuBar
GetLastActivePopup
SetWindowRgn
ShowCursor
ArrangeIconicWindows
GetKBCodePage
SetWindowContextHelpId
GetClassInfoA
EnumPropsExA
UpdateWindow
GetMessagePos
DrawCaption
DrawFrame
LoadAcceleratorsA

kernel32

UnlockFileEx

Sections

.vglq
Size: 635KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.efs
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hqh
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qja
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.epg
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xmbif
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfkhu
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ynup
Size: 48KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enm
Size: 124KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c106ebb70bcdc7b6cafa87b52c3df8a3

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.vglq Size: 635KB - Virtual size: 1.3MB

.efs Size: 5KB - Virtual size: 5KB

.hqh Size: 19KB - Virtual size: 27KB

.qja Size: 512B - Virtual size: 20KB

.epg Size: 6KB - Virtual size: 15KB

.xmbif Size: 512B - Virtual size: 56B

.gfkhu Size: 512B - Virtual size: 24B

.ynup Size: 48KB - Virtual size: 76KB

.enm Size: 124KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

.vglq
Size: 635KB - Virtual size: 1.3MB

.efs
Size: 5KB - Virtual size: 5KB

.hqh
Size: 19KB - Virtual size: 27KB

.qja
Size: 512B - Virtual size: 20KB

.epg
Size: 6KB - Virtual size: 15KB

.xmbif
Size: 512B - Virtual size: 56B

.gfkhu
Size: 512B - Virtual size: 24B

.ynup
Size: 48KB - Virtual size: 76KB

.enm
Size: 124KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB