726db4b99aeaa5498103d47232055d68

Sharing

Copy URL Twitter E-mail

General

Target

726db4b99aeaa5498103d47232055d68
Size

224KB
MD5

726db4b99aeaa5498103d47232055d68
SHA1

34ef1c9f3b725f198f5a4c19006d59ed194cae0a
SHA256

15f3fca73b7313c600cc7ec369c4e6b56df764fbba8cbe3d481dc4ea41e6ba80
SHA512

08c55566cb78594ac6ad885c203d7d735591f75bda6dfbb23cb32a44930129b13a681014b4c5955eca5ecaf59cb28afe6bf2b76830f6359a1a81359668275270
SSDEEP

6144:FFphLbSIe17MUzsgW0ci0Vv3BzvBEsCRCtK7CKmAmN4:zHLb1eFMUzsgW0cz3BvBEItkCKj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
726db4b99aeaa5498103d47232055d68

Files

726db4b99aeaa5498103d47232055d68
.exe windows:5 windows x86 arch:x86

38bd9925ff3d6354de645b12e4b4ed7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
HeapSize
RtlUnwind
LoadLibraryW
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
CompareStringW
GetCurrentProcessId
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
LocalFree
CloseHandle
QueryPerformanceFrequency
GlobalFree
GetLastError
SetFilePointer
FlushFileBuffers
TlsGetValue
TlsAlloc
GetModuleFileNameW
RaiseException
CreateFileW
GetFileAttributesW
HeapCreate
HeapAlloc
Sleep
GlobalAlloc
GetTickCount
HeapFree
QueryPerformanceCounter
GetCurrentProcess
GetSystemTimeAsFileTime
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
TerminateProcess
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer

user32

PtInRect
RegisterClassA
GetScrollPos
EndPaint
ClientToScreen
GetMessageA
SetTimer
GetWindowRect
RegisterClassExA
PostQuitMessage
TrackPopupMenu
IsIconic
IsZoomed
GetSubMenu
LoadMenuA
LoadIconA
LoadCursorA
SetFocus
SendMessageA
GetClientRect
GetDC
TranslateMessage
GetScrollInfo
MessageBoxA
SetCursorPos
UnregisterClassA
CreateWindowExA
ReleaseDC
ScrollWindow
DefWindowProcA
RedrawWindow
GetDesktopWindow
GetCursorPos
LoadAcceleratorsA
ShowWindow
WindowFromDC
IsWindow
DispatchMessageA
CloseWindow
UpdateWindow

gdi32

LineTo
DeleteDC
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
GetTextMetricsA
GetStockObject
BitBlt

winspool.drv

EndPagePrinter

advapi32

EqualSid
CheckTokenMembership
RegOpenKeyExW
LookupAccountSidA
GetTokenInformation

shell32

SHEmptyRecycleBinA

oleaut32

GetErrorInfo

ws2_32

WSAStartup

mpr

WNetGetUniversalNameA
WNetCloseEnum

msacm32

acmFilterTagDetailsA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38bd9925ff3d6354de645b12e4b4ed7e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

oleaut32

ws2_32

mpr

msacm32

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 176KB - Virtual size: 183KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 176KB - Virtual size: 183KB

.rsrc
Size: 512B - Virtual size: 436B