71baf9fa17eac7c1b51611f7a1327068

Sharing

Copy URL Twitter E-mail

General

Target

71baf9fa17eac7c1b51611f7a1327068
Size

294KB
MD5

71baf9fa17eac7c1b51611f7a1327068
SHA1

fafc62ec19989106eb34c17f344dce80a15d6110
SHA256

d00472ad385d61f81ebd7b5436fcf3c6da305e9a13ab0d6e8892fc24932fa441
SHA512

76c3de5b7c4ddac89c5551a1931d93f2c50ea441719cb18745c244e883cbc3fd467ae7e1110181ebb58c857b4c8f90c6b73215872992791afca9ed2ba9647635
SSDEEP

6144:/ps05m+70rnAfz1zcqvSC/eLgU1l6DDDlKhOsT6aMdhF0:/K05mN4BzoCWMU1l6DDwhOljdh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71baf9fa17eac7c1b51611f7a1327068

Files

71baf9fa17eac7c1b51611f7a1327068
.exe windows:4 windows x86 arch:x86

b5f9fbf6dfb93f3d136ba87806b58e23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteValueA
SHEnumValueA
SHQueryInfoKeyA
PathGetCharTypeA
PathIsContentTypeA
SHStrDupA
PathIsDirectoryA
SHGetValueA
SHDeleteKeyA
PathFileExistsA
SHDeleteKeyA
PathGetCharTypeA
PathIsDirectoryA
SHGetValueA
SHSetValueA
PathFileExistsA
SHQueryInfoKeyA
SHQueryValueExA
PathIsDirectoryA
PathFileExistsA
SHStrDupA

version

GetFileVersionInfoA
VerInstallFileA
VerFindFileA
VerFindFileA

gdi32

SelectPalette
CreateCompatibleBitmap
CreateFontIndirectA
SaveDC
LineTo
SetBkMode
GetPaletteEntries

comctl32

ImageList_Write
ImageList_Create
ImageList_DragShowNolock

comdlg32

FindTextA
GetFileTitleA
GetSaveFileNameA
ChooseColorA
ChooseColorA
GetOpenFileNameA

msvcrt

exit
swprintf
mbstowcs
wcsncmp
abs
log
pow
malloc
strcmp

oleaut32

SafeArrayCreate

user32

GetWindowRect
GetWindowLongW
GetWindowDC

ole32

CoCreateInstanceEx
CoRevokeClassObject
WriteClassStm
CoFreeUnusedLibraries
CoUninitialize

kernel32

GetModuleHandleA
GetLastError
ExitProcess
ExitThread
LoadLibraryExA
GetProcAddress
VirtualAllocEx
GlobalAlloc
GetVersionExA
IsBadReadPtr
lstrlenA
LoadLibraryA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegLoadKeyA

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetFolderPathA
SHGetDesktopFolder
SHGetDiskFreeSpaceA

Sections

CODE
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 787B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 1024B - Virtual size: 861B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5f9fbf6dfb93f3d136ba87806b58e23

Headers

File Characteristics

Imports

shlwapi

version

gdi32

comctl32

comdlg32

msvcrt

oleaut32

user32

ole32

kernel32

advapi32

shell32

Sections

CODE Size: 48KB - Virtual size: 47KB

.rdata Size: 1024B - Virtual size: 787B

.data Size: 9KB - Virtual size: 8KB

.bdata Size: 1024B - Virtual size: 861B

.hdata Size: 228KB - Virtual size: 228KB

.gdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 996B

CODE
Size: 48KB - Virtual size: 47KB

.rdata
Size: 1024B - Virtual size: 787B

.data
Size: 9KB - Virtual size: 8KB

.bdata
Size: 1024B - Virtual size: 861B

.hdata
Size: 228KB - Virtual size: 228KB

.gdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 996B