658b9d410f7796802d171d8af49a24cc

Sharing

Copy URL Twitter E-mail

General

Target

658b9d410f7796802d171d8af49a24cc
Size

166KB
MD5

658b9d410f7796802d171d8af49a24cc
SHA1

b8b8b365460c3fb9b986e2aa1a41013ac1c0ebea
SHA256

0145a27fd0bb1c3c0b17e60f536e3d0bc59f050b442b70014d44145c2a640591
SHA512

dd2001d934acec38d65b6ce0afec9dcb96a9c5d6a884c95f69a70970b326150fd0f3d6fbce4bec0e222edc80b3d1609bc0b50477ada9ae47721fdce6507ae240
SSDEEP

3072:m2oo9ZKqAaDnBtGdrnhCzRM+uz7faYIfb0A6n7eal8wXw6IRxr:z1KqxFtEgM+gfadbynjywyxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
658b9d410f7796802d171d8af49a24cc

Files

658b9d410f7796802d171d8af49a24cc
.exe windows:4 windows x86 arch:x86

187429e543a981714e7dc18289f37298

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
SetHandleInformation
HeapReAlloc
DisableThreadLibraryCalls
GetCommandLineA
lstrlenA
LoadResource
VirtualAlloc
IsDBCSLeadByte
SizeofResource
TlsFree
GetModuleHandleA
MulDiv
VirtualFree
InterlockedExchange
GetCurrentThreadId
GetThreadLocale
HeapCreate
GetEnvironmentStringsW
LeaveCriticalSection
lstrcmpiA
CloseHandle
HeapSize
GetCPInfo
GetFileType
UnhandledExceptionFilter
TransmitCommChar
VirtualQuery
IsBadWritePtr
FreeLibrary
SetStdHandle
HeapDestroy
FindResourceA
GetSystemTimeAsFileTime
GetStartupInfoA
lstrcpyA
GetSystemInfo
SetHandleCount
lstrcpynA
InitializeCriticalSection
FlushInstructionCache
ExitProcess
lstrcatA
LoadLibraryA
VirtualProtect
DeleteCriticalSection
EnumResourceNamesW
EnterCriticalSection
LoadLibraryExA
QueryPerformanceCounter
InterlockedDecrement
SetUnhandledExceptionFilter
GetOEMCP
RtlUnwind
GetProcessHeap
LCMapStringW
RaiseException
GetACP
FreeEnvironmentStringsA
InterlockedIncrement
WideCharToMultiByte
SetLastError
TlsAlloc
GetStringTypeA
GetVersionExA
ExitProcess
SetFilePointer
LockResource
GetEnvironmentStrings
IsBadReadPtr
GetModuleFileNameA
GetProcAddress
TlsGetValue
IsBadCodePtr
GetTickCount
HeapAlloc
TlsSetValue
TerminateProcess
LCMapStringA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsW
GetLocaleInfoA
WriteFile
lstrlenW
MultiByteToWideChar
FlushFileBuffers
GetCurrentProcess
GetLastError
HeapFree

gdi32

DeleteObject
GetDeviceCaps
GetTextExtentPointA
GetTextMetricsA
SelectObject
CreateFontIndirectA

user32

GetDC
IsDialogMessageA
IsDlgButtonChecked
UnregisterClassA
CreateDialogParamA
GetDlgItem
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDialogBaseUnits
ReleaseDC
IsWindow
DestroyWindow
SetWindowLongA
MoveWindow
WinHelpA
EnableWindow
CheckDlgButton
ShowWindow
CharNextA

shlwapi

PathFindExtensionA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA

msimg32

AlphaBlend
TransparentBlt

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

187429e543a981714e7dc18289f37298

Headers

File Characteristics

Imports

kernel32

gdi32

user32

shlwapi

advapi32

msimg32

ole32

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 38KB - Virtual size: 37KB

.crt Size: 512B - Virtual size: 60KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 38KB - Virtual size: 37KB

.crt
Size: 512B - Virtual size: 60KB