806b7982bb745e98191e20cbb0cb0fa0

Sharing

Copy URL Twitter E-mail

General

Target

806b7982bb745e98191e20cbb0cb0fa0
Size

175KB
MD5

806b7982bb745e98191e20cbb0cb0fa0
SHA1

86bc5500aeab65f4b920c2e41b8a19d6bb9555d8
SHA256

513130d1153aef8900a686810e4a84549159f7d68ff0480143d6997a447d7ed9
SHA512

7681d82437498c786c4b4a6590a1248b7831da34f83376f28e980052a93db239e05886e92c790bd68cb827ec2e901dcb89de228e64fc7ed2074431489e9de6ee
SSDEEP

3072:U2eviicnh8ChUeo5IMP2r9lypkiasCPTVUuia3pssLivPJMDpQCQKi/6WM:UNk8cr9EpqhVUub3pI2lQCw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
806b7982bb745e98191e20cbb0cb0fa0

Files

806b7982bb745e98191e20cbb0cb0fa0
.exe windows:5 windows x86 arch:x86

5fd5e6469dfc7c54dba4f04154b455c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalAlloc
GetCommandLineA
DeleteFileA
GetStartupInfoA
GetModuleHandleA
SetLastError
RemoveDirectoryA
lstrcpynA
VirtualProtect
LocalFileTimeToFileTime

msvcrt

__p__fmode
_initterm
wctomb
_isatty
__set_app_type
__getmainargs
cos
isspace
isleadbyte
_XcptFilter
_adjust_fdiv
setlocale
memcpy
fgetpos
_except_handler3
exit
atol
_mktemp
_acmdln
__setusermatherr
_wtol
__p__commode
rename
log10
_controlfp

gdi32

GetDCOrgEx
GetStockObject
ExtEscape
CreateHatchBrush
CreateBitmap
DPtoLP
Polyline
EndDoc
GetEnhMetaFileDescriptionA
GetCharWidthW
CreatePolygonRgn
GetBkColor
SetROP2
PlayEnhMetaFile
PolylineTo
FillPath

advapi32

RegOpenKeyA
OpenThreadToken
AddAccessAllowedAce
SetSecurityDescriptorOwner
FreeSid
RevertToSelf
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExW

ole32

CoGetInterfaceAndReleaseStream
OleGetClipboard
IsAccelerator
StringFromGUID2
OleIsCurrentClipboard
StringFromCLSID
CoRegisterClassObject
CoInitialize
ProgIDFromCLSID

user32

IsIconic
SetFocus
TrackPopupMenu
WaitMessage
GetLastActivePopup
GetCapture
MessageBoxA

version

GetFileVersionInfoW
GetFileVersionInfoA
VerInstallFileA
VerLanguageNameA
VerInstallFileW
GetFileVersionInfoSizeA
VerQueryValueA

oleaut32

SafeArrayPtrOfIndex
GetActiveObject
SysStringByteLen
VariantInit
SysStringLen
SysAllocStringLen

shell32

ExtractIconExW
DragAcceptFiles
SHCreateDirectoryExW
SHGetDiskFreeSpaceExW
DragQueryFileA

comctl32

ImageList_SetImageCount
ImageList_GetIcon
PropertySheetW
ImageList_ReplaceIcon
ImageList_DragLeave
InitCommonControls
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_DragEnter

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tctsmmz
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5fd5e6469dfc7c54dba4f04154b455c2

Headers

File Characteristics

Imports

kernel32

msvcrt

gdi32

advapi32

ole32

user32

version

oleaut32

shell32

comctl32

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 107KB - Virtual size: 135KB

tctsmmz Size: 4KB - Virtual size: 76KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 107KB - Virtual size: 135KB

tctsmmz
Size: 4KB - Virtual size: 76KB