87814ec20b934edcb23f3a9508339cf2

Sharing

Copy URL Twitter E-mail

General

Target

87814ec20b934edcb23f3a9508339cf2
Size

135KB
MD5

87814ec20b934edcb23f3a9508339cf2
SHA1

cce1d6a9281d098eb3eb8c630d882aaf0703567f
SHA256

e40f66140813d3809a56151c966be40c1769d560e6b117dd8361c248d49df09b
SHA512

b6d9bb4a0bcfe2220c38a2c649dd66888f9ef3f883d91c445977bae5c59e72683323844853b61d23e838f4f0ce0592051af6a48627d21a57090114e5fa9fbfbf
SSDEEP

3072:1bf/yUE1RgzRNxn92D/gmdSm+4ciKDcPuMoACxKr:kU4mNNJ9MdSMoeqH0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87814ec20b934edcb23f3a9508339cf2

Files

87814ec20b934edcb23f3a9508339cf2
.exe windows:5 windows x86 arch:x86

07b5c2d06e7a3ae9a599199f80b9c791

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStartupInfoA
GetEnvironmentVariableA
GetModuleHandleA
GlobalUnlock
ExpandEnvironmentStringsA
LocalFree
VirtualProtect
GetLocaleInfoW

msvcrt

_acmdln
__setusermatherr
_vsnprintf
_XcptFilter
_initterm
__set_app_type
strrchr
exit
__p__fmode
_adjust_fdiv
strtok
__p__commode
_filelengthi64
_mktemp
clearerr
strerror
swprintf
calloc
log
_except_handler3
__getmainargs

user32

DrawIconEx
SetCursor
GetCapture
DestroyCursor
GetCursorPos

oleaut32

VariantCopyInd
SysAllocStringLen
SafeArrayPutElement
SysStringByteLen
GetErrorInfo
SafeArrayGetElement
LoadTypeLib
SafeArrayPtrOfIndex
SysFreeString

advapi32

RegOpenKeyW
RegEnumValueW
OpenSCManagerA
CheckTokenMembership
CopySid
AdjustTokenPrivileges
OpenThreadToken
GetSecurityDescriptorDacl
CryptAcquireContextA
RegSetValueExA
GetTokenInformation
RegQueryValueExA
RegEnumKeyA
CryptGenRandom

version

GetFileVersionInfoA
VerInstallFileA
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHBrowseForFolderA
ExtractIconExW
ExtractIconA
SHBrowseForFolderW
DragQueryFileW

gdi32

LineTo
SetTextColor
RemoveFontResourceA
SetPolyFillMode
EnumFontFamiliesExA
EnumFontFamiliesW

comctl32

ImageList_Remove
ImageList_EndDrag
CreateStatusWindowA
ImageList_Read
ImageList_Add
ImageList_SetOverlayImage
CreatePropertySheetPageW

ole32

CoSetProxyBlanket
OleSetClipboard
CreateBindCtx
StringFromCLSID
ReleaseStgMedium
CoInitialize
DoDragDrop
OleDraw

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

07b5c2d06e7a3ae9a599199f80b9c791

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

oleaut32

advapi32

version

shell32

gdi32

comctl32

ole32

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 48KB - Virtual size: 48KB

.rsrc Size: 22KB - Virtual size: 100KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 22KB - Virtual size: 100KB