87d7cd813fe6e98ebb5ae4fdf1a50278

Sharing

Copy URL Twitter E-mail

General

Target

87d7cd813fe6e98ebb5ae4fdf1a50278
Size

147KB
MD5

87d7cd813fe6e98ebb5ae4fdf1a50278
SHA1

45f2573c4ac93292c5d63ed74fd7505d9f96c7e2
SHA256

6005d86240e24844903c25b7c67c5e9dd6f5cbc7f59c076184576e76e9e8203b
SHA512

5e1d5393a9922b83f5efd8f77ce7bd053fce3bbcf1efca9e0a3d2916f947b4aa1a7af8e32936ce88f23e11c47681ca766756de10f8637b75f6b300de93799337
SSDEEP

3072:RbU6O4E5wLrbNXytveOKz4JQMBd4cXfjc:W6OLot25TA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87d7cd813fe6e98ebb5ae4fdf1a50278

Files

87d7cd813fe6e98ebb5ae4fdf1a50278
.exe windows:4 windows x86 arch:x86

c5f5c9fc45d23effd0961938b5d9c25a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

IsValidCodePage
FreeEnvironmentStringsA
GetFileAttributesW
SetFileAttributesA
GetSystemTime
RtlUnwind
OpenProcess
GlobalLock
GetEnvironmentVariableA
LocalFileTimeToFileTime
VirtualProtect
GlobalAlloc
SetThreadLocale
GetModuleHandleA
GetStartupInfoA

msvcrt

__set_app_type
__p__fmode
_initterm
_adjust_fdiv
strcspn
_except_handler3
log
gmtime
__initenv
__p__commode
exit
_fullpath
__setusermatherr
_ftol
_pipe
_XcptFilter
_acmdln
__getmainargs

user32

IsWindow
GetScrollPos
DispatchMessageA
RemoveMenu
SetWindowPlacement
RegisterClipboardFormatA
FindWindowA
AdjustWindowRectEx
GetScrollInfo
TrackPopupMenu
GetFocus
IsIconic
GetCursorPos
OffsetRect
DestroyCursor

shell32

DragQueryFileA
SHFileOperationW
SHGetFolderLocation
SHAppBarMessage
Shell_NotifyIconA
SHBrowseForFolder
ExtractIconA
ExtractIconExA

oleaut32

SysAllocStringByteLen
VariantCopy
LoadTypeLib
SafeArrayGetUBound
VariantInit
SysStringByteLen
SafeArrayPutElement
SysStringLen
VariantCopyInd

advapi32

QueryServiceStatus
RegEnumKeyExW
RegQueryValueA
RegEnumKeyA
RegCreateKeyExW
AdjustTokenPrivileges
RegQueryValueExA
LookupPrivilegeValueA
DeregisterEventSource

ole32

ProgIDFromCLSID
IsAccelerator
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoSetProxyBlanket
DoDragDrop
CLSIDFromString

comctl32

ImageList_Create
ImageList_Replace
PropertySheetW
CreateStatusWindowA
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_LoadImageA
ImageList_SetOverlayImage

gdi32

RealizePalette
GetDIBits
CreateICA
FrameRgn
ExtSelectClipRgn
CreateEllipticRgn
GetNearestPaletteIndex
RectInRegion

version

VerQueryValueW
VerInstallFileA
GetFileVersionInfoW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5f5c9fc45d23effd0961938b5d9c25a

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

shell32

oleaut32

advapi32

ole32

comctl32

gdi32

version

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 49KB - Virtual size: 48KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 33KB - Virtual size: 33KB