7880764854938b1b974629b8d0ec39d2

Sharing

Copy URL

Twitter E-mail

General

Target

7880764854938b1b974629b8d0ec39d2
Size

244KB
MD5

7880764854938b1b974629b8d0ec39d2
SHA1

858f8fab3b36a6548be7bc845e555ca462061a13
SHA256

47f4692cb873fd4ce69ebef018c824597e8e08642356db1af957d52d430091f5
SHA512

ec83ff82834f229b9aa6534d15aa879b8e59848479bc459b3c307fba22ad2a79328afa4fa3e9381a3225fd29361e4e2b63cb8b885c871036df33b7c8cc53bda2
SSDEEP

6144:H7H3IsIRNvsKmCE38fGgOyEPlRttumfiUJ:Hb3IsI5K3aDOXPlVu0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7880764854938b1b974629b8d0ec39d2

Files

7880764854938b1b974629b8d0ec39d2
.exe windows:4 windows x86 arch:x86

9161a253132502e80e35148ccbad5f17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreA
VirtualAlloc
IsBadCodePtr
GlobalLock
GetFileType
VirtualProtect
LoadLibraryA
GetProcAddress
GetModuleHandleA
ResetEvent
GetTempPathA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetLastError
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
VirtualFree
MultiByteToWideChar
Sleep
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
GetSystemInfo
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA

user32

PostQuitMessage
UpdateWindow
LoadBitmapA
SendMessageA
RegisterClassA
GetWindow
LoadCursorA
GetDesktopWindow
GetDC
GetCursorPos
IsZoomed
SetTimer
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
ShowWindow
GetWindowRect
SetCursor
DestroyWindow

gdi32

FloodFill
CreatePatternBrush

shell32

ord196

psapi

GetModuleInformation
EnumProcesses
EnumProcessModules
GetWsChanges
EmptyWorkingSet

ws2_32

WSAStartup
WSACleanup

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9161a253132502e80e35148ccbad5f17

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

psapi

ws2_32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 12KB - Virtual size: 11KB

.tls Size: 4KB - Virtual size: 2KB

.rsrc Size: 88KB - Virtual size: 85KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 12KB - Virtual size: 11KB

.tls
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 88KB - Virtual size: 85KB