7008bcb445d389fab3a50923f09fde80

Sharing

Copy URL Twitter E-mail

General

Target

7008bcb445d389fab3a50923f09fde80
Size

87KB
MD5

7008bcb445d389fab3a50923f09fde80
SHA1

e515509e4cb98440040271609746402f5bb35ac8
SHA256

ae0f4d9f9d995ed3c85142a61cb7b0a4979efd6d32742ea7a27aa626c8872ab0
SHA512

7fad14c50a2a9504572089b36ade5bbf851cbda1ee831878db463bf8133db329ef92454b3ee137692f9804a3d80fd5f700d4aaa93f410df86326e3138280b376
SSDEEP

768:M2hdIN9yYnbMUd6m5qg6EPoR8GJWfv5Q1lj7992MAg00MjL:MAIN9yYnbMyN5O89fhQzjx92100L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7008bcb445d389fab3a50923f09fde80

Files

7008bcb445d389fab3a50923f09fde80
.exe windows:4 windows x86 arch:x86

ded2ecb6a8edc71c7e0dec434b06af36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

LdrProcessRelocationBlock
NtQueryInformationThread
NtOpenProcessToken
RtlFindMostSignificantBit
RtlMultiByteToUnicodeSize
NtResetEvent
RtlSelfRelativeToAbsoluteSD2
NtCurrentTeb
NtOpenObjectAuditAlarm
RtlLargeIntegerToChar
NtFreeUserPhysicalPages
RtlDestroyAtomTable
NtReadFileScatter
atoi
NtFsControlFile

kernel32

GetProfileIntA
CancelIo
SetFilePointer
ReadConsoleOutputCharacterW
AddAtomW
GetFileType
_lclose
WriteConsoleInputA
CallNamedPipeW
OpenSemaphoreA
IsValidCodePage
GetCurrentThread
GlobalMemoryStatus
SearchPathW
GetFullPathNameW
GetCurrentProcess
AddConsoleAliasA
ExpandEnvironmentStringsW
GetCompressedFileSizeA
PeekConsoleInputA
GenerateConsoleCtrlEvent
GetConsoleFontSize
ExitProcess
SetVolumeLabelW
EnterCriticalSection
TlsGetValue
_llseek
GetCommandLineA
VirtualAlloc

gdi32

CreateDIBitmap
GetMetaRgn
GetObjectType
GetCharWidthW
GdiEntry8
GetRandomRgn
GetColorAdjustment
GdiEntry7
GetTextColor
Polyline
RemoveFontResourceTracking
SetMapperFlags
CreateColorSpaceA
GdiEntry14
GdiComment
FillRgn
CreatePolyPolygonRgn
GdiPlayDCScript
CancelDC
ExtSelectClipRgn
GetCharABCWidthsFloatA
GdiProcessSetup
GetObjectA
GdiSetBatchLimit
CreatePatternBrush
GdiConsoleTextOut
SetICMProfileA
SetBkMode
DeleteMetaFile

ole32

OleLoadFromStream
CoQueryReleaseObject
HACCEL_UserSize
HGLOBAL_UserFree
OleSaveToStream
HBITMAP_UserMarshal
HMETAFILEPICT_UserUnmarshal
CoGetPSClsid
HMENU_UserMarshal
HBITMAP_UserSize
GetDocumentBitStg
WdtpInterfacePointer_UserMarshal
CoMarshalInterThreadInterfaceInStream
ReadClassStm
OleGetIconOfFile
CoRegisterMallocSpy
CoDosDateTimeToFileTime

user32

GetDCEx
GetMenuState
GetWindowContextHelpId
SetSysColorsTemp
DdePostAdvise
CopyRect
SetWindowPlacement
TranslateMessage
GetKeyState
GetMenuCheckMarkDimensions
BeginPaint
RegisterWindowMessageW
DdeUninitialize
SetSystemMenu
EnumPropsA
GetClassInfoExA
InsertMenuW
InvalidateRect
SetSysColors
SetWindowWord

Sections

.text
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ded2ecb6a8edc71c7e0dec434b06af36

Headers

File Characteristics

Imports

ntdll

kernel32

gdi32

ole32

user32

Sections

.text Size: 42KB - Virtual size: 44KB

.data Size: 37KB - Virtual size: 128KB

.adata Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 44KB

.data
Size: 37KB - Virtual size: 128KB

.adata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB