7b345f23fae84abdc0420181c41b7bb5

Sharing

Copy URL

Twitter E-mail

General

Target

7b345f23fae84abdc0420181c41b7bb5
Size

318KB
MD5

7b345f23fae84abdc0420181c41b7bb5
SHA1

eea07a60991ea526992067c1c357034a48aa545c
SHA256

d00d72195ffa5bcab5c115326d7888b6e260c50e25333b159f8e92e75b1d3202
SHA512

688a5e940b80f307c163efa59db208463bae46f14a09d4da0556f173b25d67daf8a9e77a68baa57eac4d4e4558c5610461d67a8ea75748d6202b58a23cf78cb8
SSDEEP

6144:usOtRAj6+u1a6GYx7DPVtLs5J9DDDVeIuvqKa8yEOzwF7iBnQ6As2gh:Oc6+u1Jtc5LVcs8yEOzYiB/AM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b345f23fae84abdc0420181c41b7bb5

Files

7b345f23fae84abdc0420181c41b7bb5
.exe windows:4 windows x86 arch:x86

c06fc95a953fd176b63970a0240aa2d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mapi32

MAPIOpenFormMgr

ole32

CoUninitialize
CoInitialize
CoCreateInstance
PropVariantClear

shlwapi

SHStrDupA
SHDeleteKeyA
SHDeleteKeyW

kernel32

ExitProcess
GetCPInfo
WriteConsoleW
SetStdHandle
GetLocaleInfoA
InterlockedExchange
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetProcessHeaps
SetCurrentDirectoryA
MultiByteToWideChar
HeapValidate
LeaveCriticalSection
HeapUnlock
DeleteFileA
GetFileType
GetCurrentDirectoryA
GetCurrentThread
CreateProcessA
GetVersionExA
WriteFile
CloseHandle
RemoveDirectoryA
GetLastError
GetFullPathNameW
FindNextFileA
ExitThread
Sleep
ExpandEnvironmentStringsA
CopyFileA
CreateThread
GetCurrentProcessId
LCMapStringW
LoadLibraryA
FreeEnvironmentStringsW
TlsFree
lstrlenA
SetEnvironmentVariableA
HeapSize
WaitForSingleObject
SetFilePointer
MoveFileExA
FlushFileBuffers
GetFileAttributesExA
ResumeThread
GetCurrentProcess
GetTimeZoneInformation
GetStringTypeW
WaitForMultipleObjects
SetConsoleCtrlHandler
GetStringTypeA
GetCommandLineA
LoadLibraryExW
IsValidCodePage
InterlockedCompareExchange
GetExitCodeProcess
LCMapStringA
VirtualFree
GetProcAddress
ExitProcess
CompareStringA
GetDriveTypeA
GetCurrentThreadId
FindClose
HeapLock
GetConsoleWindow
HeapWalk
ReadConsoleInputA
GetModuleFileNameA
RaiseException
GetACP
RtlUnwind
EnterCriticalSection
SetLastError
SetConsoleTitleA
FreeEnvironmentStringsA
SetEvent
GetTickCount
CreateFileA
VirtualQuery
GlobalLock
HeapAlloc
DebugBreak
GetLocalTime
SetUnhandledExceptionFilter
WideCharToMultiByte
UnhandledExceptionFilter
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStrings
GetThreadPriority
GetFileSize
GetProcessHeap
GetFileAttributesW
InitializeCriticalSection
HeapReAlloc
GetNumberOfConsoleInputEvents
InterlockedIncrement
GetFileAttributesA
GlobalUnlock
OpenProcess
CompareStringW
GlobalAlloc
GetStdHandle
GetOEMCP
LocalFree
HeapDestroy
SetEndOfFile
GetConsoleOutputCP
CreateDirectoryW
CreateEventA
GetStartupInfoA
SetFileAttributesA
TlsSetValue
HeapFree
VirtualAlloc
InterlockedDecrement
FindFirstFileA
SetHandleCount
TlsGetValue
GetModuleFileNameW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
TlsAlloc
OutputDebugStringA
CreateFileW
ReadFile
HeapCreate
CreateDirectoryA
GetConsoleMode
LoadLibraryExA
WriteConsoleA
DeleteCriticalSection
FreeLibrary
IsDebuggerPresent
GetModuleHandleA
TerminateProcess

shell32

SHGetMalloc
ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA

user32

DialogBoxParamA
GetDlgItem
GetCursorPos
GetWindowTextLengthA
GetDlgItemInt
EndDialog
EmptyClipboard
IsWindowVisible
wsprintfA
SetDlgItemTextA
GetDesktopWindow
MessageBoxA
ShowWindow
GetKeyState
SetClipboardData
EnumWindowStationsW
SetDlgItemInt
GetWindowThreadProcessId
EnumWindows
DdeDisconnect
ScreenToClient
GetWindowRect
OpenClipboard
SetWindowPos
PeekMessageA
CloseClipboard

advapi32

OpenServiceA
RegDeleteValueA
RegCloseKey
StartServiceA
QueryServiceStatus
OpenSCManagerA
RegisterServiceCtrlHandlerA
DeleteService
RegEnumValueA
RegisterEventSourceA
RegSetValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
CreateServiceA
GetSecurityDescriptorDacl
QueryServiceStatusEx
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryValueExA
CloseServiceHandle
InitializeSecurityDescriptor
ConvertStringSidToSidA
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExW
SetNamedSecurityInfoA
ChangeServiceConfigA
RegOpenKeyExA
ChangeServiceConfig2A
RegCreateKeyExA
SetServiceObjectSecurity
DeregisterEventSource
StartServiceCtrlDispatcherA
ControlService
RegEnumKeyExA
SetServiceStatus
ReportEventA
QueryServiceObjectSecurity
AdjustTokenPrivileges

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denue
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c06fc95a953fd176b63970a0240aa2d6

Headers

File Characteristics

Imports

mapi32

ole32

shlwapi

kernel32

shell32

user32

advapi32

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 100KB - Virtual size: 100KB

.denue Size: 5KB - Virtual size: 72KB

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 100KB - Virtual size: 100KB

.denue
Size: 5KB - Virtual size: 72KB