7da1f3cb8c95e82f071208ea30ee31a1

Sharing

Copy URL Twitter E-mail

General

Target

7da1f3cb8c95e82f071208ea30ee31a1
Size

571KB
MD5

7da1f3cb8c95e82f071208ea30ee31a1
SHA1

3a00ae1bc584cb1ce18b3da7b6babffd7f39a04f
SHA256

e6ef73c695fb0f3991f9dc2b6d54ab956660cffa1a25eec87966407eaef7f831
SHA512

ce0d80a2e216b01f339828684c8e9ca97b0a8588fc090e620360dc716f9f6a0aad8a8e3a275e944fd37dbc56708ac71197c4ed914cf9e1fa09dd7790d96b4735
SSDEEP

12288:naLsgVfRdsMJJJYUlCqfOkJwmrjTcHsQrgIgvONF2Mt:na7VfRzJYdqfOkVjTM2o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7da1f3cb8c95e82f071208ea30ee31a1

Files

7da1f3cb8c95e82f071208ea30ee31a1
.exe windows:5 windows x86 arch:x86

09c2d00c871f7eac586b16e8296913f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mmTaskCreate
mmTaskBlock
mmDrvInstall
mixerSetControlDetails
mixerOpen
mixerMessage
mixerGetLineInfoW
mixerGetLineInfoA
mixerGetLineControlsW
mixerGetLineControlsA
mixerGetID
mixerGetDevCapsA
mixerGetControlDetailsA
midiStreamProperty
midiStreamOut
midiStreamOpen
midiOutShortMsg
midiOutSetVolume
midiOutReset
midiOutLongMsg
midiOutGetVolume

version

VerInstallFileW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

comdlg32

GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
FindTextA
PageSetupDlgW
ChooseFontA
ChooseColorA

user32

UpdateWindow
SendMessageA
PostMessageA
OemToCharBuffA
DestroyCaret
CreateMenu
CreateIconFromResourceEx
CopyImage

kernel32

GetProcAddress
WriteFileEx
VirtualProtectEx
VirtualFree
VerLanguageNameA
SwitchToFiber
Sleep
SizeofResource
SetLastError
SetHandleInformation
SetCriticalSectionSpinCount
SetComputerNameExW
RequestDeviceWakeup
MoveFileExA
LocalHandle
IsBadStringPtrA
InterlockedCompareExchange
HeapValidate
HeapAlloc
GlobalHandle
GetWriteWatch
GetTickCount
GetShortPathNameW
GetPrivateProfileStringA
GetFileTime
GetFileSize
GetFileAttributesExA
GetEnvironmentStringsA
GetCommandLineA
GetBinaryTypeA
FormatMessageA
ExitProcess
EnumUILanguagesA
EnumTimeFormatsW
EndUpdateResourceW
DeleteFileA
CreateWaitableTimerW
CreateWaitableTimerA
_hread
AddAtomA
ClearCommBreak
ConvertDefaultLocale
CopyFileExA
CreateProcessW
WriteProfileSectionW

setupapi

CM_Get_Child
CM_Open_Class_Key_ExW
CM_Request_Device_Eject_ExW
CM_Set_Class_Registry_PropertyA
SetupDiGetClassInstallParamsW
SetupDiOpenDevRegKey
CM_Enumerate_Classes

ntdll

NtInitiatePowerAction
NtQueryInformationProcess
NtAdjustPrivilegesToken
NtRequestWaitReplyPort
NtSetInformationToken
NtWaitHighEventPair
RtlAddAccessAllowedAce
RtlAreAllAccessesGranted
RtlDeleteTimerQueueEx
RtlGetProcessHeaps
RtlIsDosDeviceName_U
RtlIsValidHandle
RtlNtStatusToDosError
RtlQueryProcessHeapInformation
RtlReleasePebLock
RtlSetCriticalSectionSpinCount
RtlSetDaclSecurityDescriptor
RtlSetSecurityObjectEx
RtlpUnWaitCriticalSection
ZwClose
ZwExtendSection
ZwLockFile
ZwPrivilegeCheck
NlsMbOemCodePageTag
NtQuerySystemTime

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09c2d00c871f7eac586b16e8296913f4

Headers

File Characteristics

Imports

winmm

version

comdlg32

user32

kernel32

setupapi

ntdll

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 463KB - Virtual size: 463KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 463KB - Virtual size: 463KB

.rsrc
Size: 48KB - Virtual size: 47KB