7f4f2a806819b6d9c0a55e63cd8039e4

Sharing

Copy URL

Twitter E-mail

General

Target

7f4f2a806819b6d9c0a55e63cd8039e4
Size

67KB
MD5

7f4f2a806819b6d9c0a55e63cd8039e4
SHA1

ff0d46a2a8d756d5d809d0471cf79ed13b6aee21
SHA256

788b1fc80bc7d79586a90ecccfeef45fa4045418e07e2959a0785427793b7459
SHA512

89a1e7ccf9da494e50ef4ee6955b5192b06f37a494507443380034d948e39bea1e84ab3b8ab8cde58c1f9469fdf8c31546c30fb8e0c7f238426847a18f0f3551
SSDEEP

1536:WgkecUvI3/FSvc6A1doPmxGIzPnWagNF8kqN3ApUd0lFkv:Hb60A1doexGIzPnWagF8zyeGFkv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f4f2a806819b6d9c0a55e63cd8039e4

Files

7f4f2a806819b6d9c0a55e63cd8039e4
.exe windows:5 windows x86 arch:x86

ca16406a9d2ad9ade05fe97c1d826d33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetErrorMode
GetPrivateProfileStringW
WriteFile
GlobalUnlock
LoadLibraryExW
GetSystemTimeAsFileTime
DeleteFileW
GetTempFileNameW
GetEnvironmentVariableW
GlobalSize
GlobalReAlloc
LoadResource
FreeLibrary
EnumResourceNamesW
GetWindowsDirectoryW
GetLastError
MoveFileW
GetDriveTypeW
MulDiv
WritePrivateProfileStringW
WinExec
ExitProcess
GetStartupInfoW
GetCommandLineW
LoadLibraryW
GetThreadLocale
FindResourceW
LockResource
FreeResource
LocalFree
CreateFileW
ReadFile
SetFilePointer
MultiByteToWideChar
ExpandEnvironmentStringsW
GetModuleHandleW
GetProcAddress
SetLastError
FindFirstFileW
FindClose
SearchPathW
Sleep
GlobalAlloc
CreateProcessW
CloseHandle
GetPrivateProfileSectionW
GlobalLock
lstrcmpW
GlobalFree
lstrcpyW
lstrcatW
lstrcmpiW
lstrcpynW
lstrlenW
lstrlenA
GetModuleFileNameW
LocalAlloc
RemoveDirectoryW
SetFileAttributesW

gdi32

GetDeviceCaps
GetTextExtentPointW
GetTextExtentExPointW

user32

DdeClientTransaction
wsprintfW
LoadStringW
GetWindow
CharNextW
SetPropW
DdeQueryNextServer
GetPropW
FindWindowW
GetClassNameW
DdeConnectList
DdeCreateStringHandleW
GetDesktopWindow
DdeFreeStringHandle
DdeUninitialize
DdeInitializeW
SetForegroundWindow
CopyRect
DdeDisconnectList
LookupIconIdFromDirectory
CreateDialogParamW
EnableMenuItem
GetSystemMenu
GetDC
DestroyWindow
GetClientRect
SendDlgItemMessageW
DispatchMessageW
SystemParametersInfoW
LoadCursorW
SetCursor
GetLastActivePopup
wvsprintfW
GetSystemMetrics
PeekMessageW
MessageBoxW
GetDlgItem
SetDlgItemTextW
ReleaseDC

advapi32

RegQueryValueW
RegEnumKeyExW
RegCloseKey
RegSetValueW
RegOpenKeyW
RegEnumValueW
RegCreateKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW

comctl32

ord328
ord334
ord365
ord320
ord321
ord326
ord323
ord73
ord236
ord358
ord235
ord324
ord17
ord332

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ord163
ord171
ord63
SHGetSpecialFolderLocation
ord23
ord128
ord25
ord155
ord157
SHGetPathFromIDListW
ShellExecuteExW
ord96
ord195
ord33
ord196
FindExecutableW
ord29
ord37
ord31
SHChangeNotify
ord32
ord39
ord175
ord57
ord49
ord45
ord36
ord119
ord58
ord165
ord56
ord51
ord52
ord79
ord164
SHAddToRecentDocs
ord64
ord89
ord35
ord34
ord94

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca16406a9d2ad9ade05fe97c1d826d33

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

comctl32

version

shell32

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 592B

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 592B

.rsrc
Size: 32KB - Virtual size: 32KB