795f47909158b8b20a3514477b89a055

Sharing

Copy URL Twitter E-mail

General

Target

795f47909158b8b20a3514477b89a055
Size

76KB
MD5

795f47909158b8b20a3514477b89a055
SHA1

0ed5634e12f6c923fd2e7e9e2bc7c01536ad4674
SHA256

e0e61afdb50a341ba1d9e0f6edf1ef1c5c83d82b9b95a4edb17a00117ac66c73
SHA512

910ccf7e3278f60b0ee1cb413e923bd0a2fe2c102941eab0a68012db664de44c79a8b0cc5ece81c4e9d80337ac23ce88305702a5eae2e82553ae40a1e1bdb468
SSDEEP

1536:J5QP1APopKJh6ozlejo+twvpHzDRBWpb4Bu25JR:J5QdxpKfRU4zDz3Bu25JR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
795f47909158b8b20a3514477b89a055

Files

795f47909158b8b20a3514477b89a055
.exe windows:5 windows x86 arch:x86

cca2f04c53bb2c589fbaf58ab1698228

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

CreateThread
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetModuleHandleA
ReadFile
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
CopyFileA
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
CreateFileA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo

user32

GetMessageA
GetDlgItemInt
RegisterClassExA
PostQuitMessage
LoadIconA
SendMessageA
TranslateMessage
MessageBoxA
CreateWindowExA
GetDlgItem
DefWindowProcA
CheckDlgButton
IsDlgButtonChecked
DispatchMessageA
UpdateWindow
EnableWindow
LoadCursorA
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA

gdi32

GetStockObject

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca2f04c53bb2c589fbaf58ab1698228

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 12KB