874919a028416553d40da9975f98f984

Sharing

Copy URL Twitter E-mail

General

Target

874919a028416553d40da9975f98f984
Size

148KB
MD5

874919a028416553d40da9975f98f984
SHA1

7eea9cfe79de075d0c532a81d47e74617c8f2b06
SHA256

49c560785fcbf95fc63bca8ade055a1556b9cf38921cef915dc8f6e808a2e9ea
SHA512

21400c6fc71aff199b5ef607d048f015ab53531c69873b8874009fce452b7142c92fbb59f63f9ccceebd77247d7cee6d0d89bd9901359cd2545394de46dc0884
SSDEEP

3072:924IT7FcEAJaDj3o4jjGRmaD/K3vUFOSkSSB:E4A+anGRmaD/KCiB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
874919a028416553d40da9975f98f984

Files

874919a028416553d40da9975f98f984
.exe windows:4 windows x86 arch:x86

6330fe1ccbaf8138d8f39e3f0ef6462c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\temp\vx.pdb

Imports

kernel32

Sleep
CreateEventA
GetLastError
VirtualAlloc
GetProcAddress
PulseEvent
OpenMutexA
InterlockedExchange
CloseHandle
GetSystemInfo
VirtualProtect
GetLocaleInfoA
FlushFileBuffers
RtlUnwind
ExitProcess
CreateFileA
GetStringTypeW
GetStringTypeA
GetModuleHandleA
LCMapStringW
ResetEvent
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
SetEndOfFile
ReadFile
SetFilePointer
SetStdHandle
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
VirtualQuery

user32

LoadIconA
FindWindowA
ShowWindow
LoadBitmapA

gdi32

CreateCompatibleDC

psapi

GetProcessMemoryInfo

avifil32

AVIFileInit

msvfw32

DrawDibClose

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6330fe1ccbaf8138d8f39e3f0ef6462c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

psapi

avifil32

msvfw32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 7KB

.vdata Size: 64KB - Virtual size: 63KB

.rsrc Size: 44KB - Virtual size: 40KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 7KB

.vdata
Size: 64KB - Virtual size: 63KB

.rsrc
Size: 44KB - Virtual size: 40KB