Static task: static1
Behavioral task: behavioral1
Sample: 7dcd88c0a64b6daf12b2243ee4d09dc8.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 7dcd88c0a64b6daf12b2243ee4d09dc8.exe
Resource: win10v2004-20231215-en
General
Target: 7dcd88c0a64b6daf12b2243ee4d09dc8
Size: 208KB
MD5: 7dcd88c0a64b6daf12b2243ee4d09dc8
SHA1: fd1b3f6c64a54efd70486e59423b448222a77f50
SHA256: d47707130cf827b3355a5dbe6635ca91be9144b0eb1a878b7e1026d952f8819c
SHA512: 49cc4793a3bf400410dbcea7d7ae3c90978d7f16c70f557e9663e458f2197b2f120d0f9c1c91ac7b3f186aaae1acbfaab9ca092ea266ee06c2c3d1b74ce6b224
SSDEEP: 3072:Ckvc7KL8YGNbie5qv0zHqQhlGd/jDpc4kgdtX7FADiRfRZe2V6VA5EJx:Cp74y5k0bqQad7dcs/F8cPew
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7dcd88c0a64b6daf12b2243ee4d09dc8
Files
7dcd88c0a64b6daf12b2243ee4d09dc8.exe windows:4 windows x86 arch:x86
07f8b064a109dcab69eeb5d575a0950b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SwitchToFiber
VirtualAlloc
CreateDirectoryW
OpenFile
_lclose
GetProcessHeap
GetSystemTimeAsFileTime
_lopen
GetWindowsDirectoryA
FindNextChangeNotification
FindFirstFileA
FreeLibraryAndExitThread
ReadFileScatter
ScrollConsoleScreenBufferA
lstrcmpA
IsBadWritePtr
GetPrivateProfileStringW
GetTempFileNameA
RemoveDirectoryA
TlsGetValue
_llseek
GetVolumeInformationW
PrepareTape
SetFileAttributesA
GetThreadContext
SetThreadLocale
CompareStringW
LeaveCriticalSection
LocalSize
VirtualAllocEx
FindResourceExA
GetCommModemStatus
CreateDirectoryA
FormatMessageW
ExitProcess
GetCommandLineA
RemoveDirectoryW
ReleaseSemaphore
GetACP
VirtualUnlock
PeekConsoleInputW
shell32
DragAcceptFiles
advapi32
IsValidSecurityDescriptor
LookupPrivilegeValueW
RegQueryValueA
GetSecurityDescriptorSacl
SetFileSecurityW
CryptGetUserKey
IsValidAcl
GetNamedSecurityInfoW
MapGenericMask
RegLoadKeyW
RegUnLoadKeyW
DuplicateToken
SetEntriesInAclW
RegEnumValueW
LockServiceDatabase
FreeSid
OpenThreadToken
MakeAbsoluteSD
RegCreateKeyW
EnumServicesStatusA
DuplicateTokenEx
GetUserNameW
EnumServicesStatusW
GetSidIdentifierAuthority
SetSecurityInfo
CloseEventLog
RegConnectRegistryA
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerA
LookupAccountNameA
RegDeleteKeyA
RegDeleteValueW
LookupAccountSidA
GetSidSubAuthorityCount
ws2_32
inet_addr
WSAHtons
WSANtohs
WSARecvFrom
htonl
sendto
getservbyname
WSAConnect
WSAAsyncGetServByPort
WSAGetLastError
WSAInstallServiceClassW
WSAEnumNameSpaceProvidersA
ioctlsocket
shutdown
WSAEnumProtocolsW
WSACancelAsyncRequest
closesocket
user32
GetUpdateRect
SetPropW
NotifyWinEvent
GetUserObjectInformationA
LoadStringA
RegisterClassW
DestroyWindow
BroadcastSystemMessageW
ScreenToClient
SetActiveWindow
GetKeyNameTextA
CheckMenuItem
GetWindowRgn
WinHelpW
SetRect
DefWindowProcA
oleaut32
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElement
VariantCopy
SafeArrayPutElement
SafeArrayGetLBound
SysAllocStringLen
LoadTypeLibEx
VariantChangeType
gdi32
StartPage
SetTextAlign
Rectangle
comctl32
ImageList_GetBkColor
ImageList_DragEnter
ImageList_DragShowNolock
version
GetFileVersionInfoSizeA
VerInstallFileA
GetFileVersionInfoA
ole32
CoDisconnectObject
msvcrt
_wsplitpath
freopen
wprintf
getc
iswascii
perror
wcsncpy
_mbstrlen
_setmode
_mbctoupper
mbstowcs
atol
_exit
wcslen
_close
vfprintf
_getpid
_lseeki64
isspace
isxdigit
_wcsicoll
_getche
_mbsstr
fwrite
_pipe
wcsftime
_mbsrchr
Sections
.text Size: 200KB - Virtual size: 196KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ