7b85a949c3b69dad0b27ce67ee03c9cb

Sharing

Copy URL Twitter E-mail

General

Target

7b85a949c3b69dad0b27ce67ee03c9cb
Size

428KB
MD5

7b85a949c3b69dad0b27ce67ee03c9cb
SHA1

aef6d0f3e402c2687a783b87d83f742880fa029e
SHA256

939a6a4dd8b7fd834b462b973d5d1b3f9a18eb5c91df5bdaa640028ea34fb885
SHA512

71c200469754be77808762ce151562ef062d1c17a0fb777570aa8c28dbe8b1c1a32678f1116d7cc928eca620aeaf6a7957791be5be6932d9c9b418add65eb817
SSDEEP

6144:Csg0fKFsh+bHh9UXX7ryaYZOwgJzI4KL3lqDWFuBO2a2iVZ+4ugd+QfH6HUW0pfT:CfU+d55+wuBODkOorEL8lg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b85a949c3b69dad0b27ce67ee03c9cb

Files

7b85a949c3b69dad0b27ce67ee03c9cb
.exe windows:4 windows x86 arch:x86

52be74c27452c8297b00fc79db0610b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
SetEnvironmentVariableW
VirtualQuery
TlsAlloc
IsValidLocale
HeapCreate
HeapSize
GetLocaleInfoW
GetDateFormatA
HeapDestroy
GetSystemTimeAsFileTime
GetProcessHeap
GetTimeZoneInformation
WideCharToMultiByte
LCMapStringA
UnhandledExceptionFilter
GetStartupInfoA
CompareStringA
GetTimeFormatA
GetVersionExA
SetLastError
InitializeCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetOEMCP
LCMapStringW
GetProcAddress
HeapReAlloc
GetStdHandle
HeapFree
GetCurrentProcess
GetEnvironmentStringsW
GetCurrentProcessId
SetConsoleCtrlHandler
ExpandEnvironmentStringsW
TerminateProcess
GetStringTypeW
GetTickCount
InterlockedDecrement
MultiByteToWideChar
InterlockedExchange
SetHandleCount
TlsGetValue
GetModuleFileNameW
DeleteCriticalSection
lstrcmpi
EnterCriticalSection
RtlUnwind
QueryPerformanceCounter
IsDebuggerPresent
CompareStringW
SetEnvironmentVariableA
GetLastError
FreeEnvironmentStringsW
GetCommandLineA
InterlockedIncrement
EnumSystemLocalesA
GetEnvironmentStrings
WriteFile
GetPrivateProfileSectionA
LeaveCriticalSection
GetUserDefaultLCID
GetModuleFileNameA
IsValidCodePage
VirtualAlloc
GetModuleHandleA
VirtualFree
GetStringTypeA
GetCommandLineW
HeapAlloc
TlsSetValue
GetCPInfo
GetCurrentThreadId
lstrcmp
GetLocaleInfoA
GetFileType
FreeEnvironmentStringsA
TlsFree
GetCurrentThread
FreeLibrary
GetStartupInfoW
GetACP
Sleep

shell32

DuplicateIcon
ShellHookProc
SHGetSpecialFolderPathA
RealShellExecuteExA

comdlg32

PageSetupDlgW
FindTextW
ChooseColorW
ChooseFontW

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52be74c27452c8297b00fc79db0610b8

Headers

File Characteristics

Imports

kernel32

shell32

comdlg32

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 8KB - Virtual size: 19KB

.data Size: 283KB - Virtual size: 283KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 8KB - Virtual size: 19KB

.data
Size: 283KB - Virtual size: 283KB

.rsrc
Size: 10KB - Virtual size: 9KB