8045179a674fd7651f92428747306615

Sharing

Copy URL Twitter E-mail

General

Target

8045179a674fd7651f92428747306615
Size

454KB
MD5

8045179a674fd7651f92428747306615
SHA1

39b466577f9313340fad8f8ff0a2abb460294e02
SHA256

76757d7d15c966666d4e595666d4256bed6f5459ab287876d1a90f7c39e0d894
SHA512

5bd0d49429b6d6bef2bd9b3652bf226315d98174350a423bc4172762e146242258bd03913161f8d0b580599da2f8274f2d4928863c8644b7574261efe19a517e
SSDEEP

12288:S/CEO+Fg+JIukZgYJfCjkAfGW2eea5+wLZO6XJwF9MMnMMMMM:SdFvJ0vhCzT2eF5DLZO8JwzMMnMMMMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8045179a674fd7651f92428747306615

Files

8045179a674fd7651f92428747306615
.exe windows:4 windows x86 arch:x86

0957fed02ed7b0325f4b36ed593fe48b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCatBuffW
StrCpyNW
StrCatBuffA
wnsprintfA

kernel32

CompareFileTime
SetProcessWorkingSetSize
GetCurrentProcess
InterlockedCompareExchange
GetCommandLineA
GetTickCount
ExitProcess
GetCurrentThreadId
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSection
HeapReAlloc
QueryPerformanceCounter
lstrcmpiA
GetDateFormatA
HeapAlloc
FileTimeToSystemTime
LeaveCriticalSection
GetProcAddress
WinExec
lstrlenA
EnterCriticalSection
VirtualAlloc
DeleteCriticalSection
GetCurrentProcessId
lstrlenW

user32

LoadBitmapA
WinHelpA
GetWindowLongA
GetDlgItem
DialogBoxParamW
SetCursor
CallMsgFilterA
LoadImageA
DialogBoxIndirectParamW
GetDlgItemTextA
GetParent
MessageBeep
ShowWindow
SetWindowLongA
DialogBoxParamA
LoadCursorA
SendDlgItemMessageA
ReleaseDC
EnableWindow
SendMessageA
EndDialog
SendMessageW
LoadStringA
DialogBoxIndirectParamA
CreateWindowExW
GetWindowRect
SetDlgItemTextA
GetSysColor
GetDC

shell32

ShellExecuteA

wintrust

WTHelperCertIsSelfSigned
WTHelperGetProvSignerFromChain
WintrustAddActionID
WinVerifyTrust
WintrustRemoveActionID
WTHelperGetProvCertFromChain

gdi32

DeleteObject
GetTextMetricsA
GetTextExtentPointW
SelectObject
GetTextMetricsW
GetTextExtentPointA

crypt32

CryptMsgDuplicate

samlib

SamRemoveMultipleMembersFromAlias

ntdll

RtlUnwind

Sections

.text
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 404KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0957fed02ed7b0325f4b36ed593fe48b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

wintrust

gdi32

crypt32

samlib

ntdll

Sections

.text Size: 1024B - Virtual size: 952B

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 404KB - Virtual size: 936KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 32KB - Virtual size: 31KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 1024B - Virtual size: 952B

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 404KB - Virtual size: 936KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 32KB - Virtual size: 31KB

.idata
Size: 2KB - Virtual size: 2KB