7b1efc1f5002a02dd06e3544f74c5bc5

Sharing

Copy URL Twitter E-mail

General

Target

7b1efc1f5002a02dd06e3544f74c5bc5
Size

552KB
MD5

7b1efc1f5002a02dd06e3544f74c5bc5
SHA1

9970fba196441c6f9e31786857564c21bb023e8c
SHA256

3900bccb208c38a1332c8943b0650d1fed2dc59ee2c6632805b88249730bff07
SHA512

610a7ff384915531c9eace65c399cc08c15f3424cdb71581ed832b84a2487f8ef8f2a51efdc9d2f730991356bdc0d3982bcb94db49acaad80e6719bc7482ad1e
SSDEEP

6144:uLY4V33o6pDUT9haRbUFA0DdQuHfMqM9RP4q3/SSx5VyZy1bD3VkrDG0fVF2wi1T:uLZzVUJuwOTM7+4q3axZ6P3VkVBHeIS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b1efc1f5002a02dd06e3544f74c5bc5

Files

7b1efc1f5002a02dd06e3544f74c5bc5
.exe windows:4 windows x86 arch:x86

f107389a3dfa4cb889a18f376dff9653

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\RZJQDOEGO\YAJE\WGR\SIY\EYNT.PDB

Imports

shell32

SHFileOperation

advapi32

LookupAccountNameW
CryptDestroyKey
CryptGenRandom
DuplicateTokenEx
CryptAcquireContextA
InitializeSecurityDescriptor
CryptSignHashA
LogonUserA
CryptGetProvParam
RegRestoreKeyW

gdi32

GetObjectA
StartPage
SetLayout
GetCharWidth32A
CreateHalftonePalette
DeleteObject
SetWorldTransform
SetMetaFileBitsEx
SetTextJustification
GetAspectRatioFilterEx
GetGlyphOutlineW
DeleteDC
EnumFontFamiliesExW
Pie
StartDocA
CreateFontW
CreateDCW
GetDeviceCaps
IntersectClipRect
GetTextCharsetInfo
GetGlyphOutlineA

kernel32

SetStdHandle
GetDriveTypeA
MultiByteToWideChar
RtlUnwind
InterlockedExchange
InitializeCriticalSection
lstrcmpW
EnterCriticalSection
TlsGetValue
HeapDestroy
GlobalFree
HeapFree
GetDateFormatA
SetLastError
SetEnvironmentVariableA
GetThreadContext
GetLastError
FreeEnvironmentStringsA
VirtualFree
UnhandledExceptionFilter
GetStdHandle
HeapCreate
IsValidCodePage
GetStringTypeW
GlobalFix
GetFileType
LeaveCriticalSection
GetCurrentThread
WideCharToMultiByte
SetHandleCount
FindFirstFileA
ReadFile
WriteFile
CompareStringA
TlsFree
GetSystemInfo
GetExitCodeThread
FlushFileBuffers
IsBadWritePtr
GetCommandLineA
VirtualProtect
LCMapStringW
LoadModule
VirtualAlloc
GetTimeZoneInformation
DeleteCriticalSection
TlsAlloc
HeapReAlloc
FreeEnvironmentStringsW
TerminateProcess
GetModuleFileNameW
GetSystemTimeAsFileTime
TlsSetValue
HeapSize
GetACP
GetLocaleInfoW
GetTickCount
GetUserDefaultLCID
ExitProcess
VirtualQuery
GetConsoleOutputCP
GetOEMCP
GetVolumeInformationW
GetEnvironmentStrings
GetVersionExA
FillConsoleOutputCharacterW
GetProcAddress
GetModuleFileNameA
GetCurrentThreadId
EnumSystemLocalesA
OpenMutexA
LCMapStringA
GetCPInfo
GetModuleHandleW
CompareStringW
GetStartupInfoA
CreateMutexA
QueryPerformanceCounter
HeapAlloc
CloseHandle
GetLocaleInfoA
GetTimeFormatA
GetEnvironmentStringsW
SetFilePointer
GetCurrentDirectoryA
GetCurrentProcess
GetModuleHandleA
GetStringTypeA
LoadLibraryA
IsValidLocale
GetCurrentProcessId

comctl32

ImageList_SetIconSize
ImageList_GetIcon
ImageList_DragShowNolock
CreateMappedBitmap
ImageList_Merge
ImageList_BeginDrag
ImageList_ReplaceIcon
DrawInsert
InitCommonControlsEx
ImageList_Copy
ImageList_AddMasked
DrawStatusTextA
CreatePropertySheetPageA
CreateStatusWindowW
DrawStatusTextW
CreateStatusWindow
ImageList_SetFilter
ImageList_SetImageCount
ImageList_GetImageInfo

user32

CheckRadioButton
GetAltTabInfo
RegisterClassExA
GetClipboardData
DefWindowProcW
MessageBoxA
GetScrollPos
SetClassWord
DdeFreeStringHandle
ShowWindow
DrawTextExW
GetMessagePos
RegisterClassA
SetMenu
ReuseDDElParam
DrawStateW
BroadcastSystemMessageW
CreateWindowExA
GetClipboardSequenceNumber
EndDialog
SetWinEventHook
DestroyWindow
VkKeyScanExA

comdlg32

ChooseColorA
GetOpenFileNameW
PageSetupDlgW
FindTextW

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f107389a3dfa4cb889a18f376dff9653

Headers

File Characteristics

PDB Paths

Imports

shell32

advapi32

gdi32

kernel32

comctl32

user32

comdlg32

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 252KB - Virtual size: 249KB

.data Size: 112KB - Virtual size: 136KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 252KB - Virtual size: 249KB

.data
Size: 112KB - Virtual size: 136KB

.rsrc
Size: 12KB - Virtual size: 9KB