879a7d3dfe5891acedbeb79ecb66161b

Sharing

Copy URL

Twitter E-mail

General

Target

879a7d3dfe5891acedbeb79ecb66161b
Size

210KB
MD5

879a7d3dfe5891acedbeb79ecb66161b
SHA1

1644ffc76f698c49376113ad8736db7663fb9683
SHA256

3e3d076b7cf6b25043b23cffc19d680eb3d232c6d680f67c06fb607297320168
SHA512

ae060edaec80e3874b0a20e5b0a51aeee7d6f43f4957e31ccbb819fc65d74e9a2f2c1f2991523c683289ef86761f1ae98d0e311706107fcfb1bf200fe71e463b
SSDEEP

3072:nKnh2p1osZBKfZcdYKzl4Of98uLotDhU9RObZQRFs5Oc3FY4MB8htN2hOs:ngcQZwJ4OV8ioB+9oZQRFI1Y4+th

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
879a7d3dfe5891acedbeb79ecb66161b

Files

879a7d3dfe5891acedbeb79ecb66161b
.exe windows:5 windows x86 arch:x86

9579e3c2e958cd2b6d3032701d288d75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
HeapDestroy
MapViewOfFile
VirtualAlloc
OutputDebugStringA
SetEnvironmentVariableA
ExitProcess
DeleteCriticalSection
SetHandleCount
GetVolumeInformationW
lstrcmpW
GetThreadLocale
InterlockedExchange
CopyFileA
FindResourceW
HeapSize
LCMapStringA
GetProcessHeap
FreeLibrary
InitializeCriticalSection
GetModuleHandleA
FreeResource
RaiseException
Sleep
FormatMessageA
SetEvent
lstrcpyA
lstrlenW
GetCurrentThreadId
GlobalAlloc
GetStartupInfoA
GetDriveTypeA
GetEnvironmentStrings
LeaveCriticalSection
LockResource
GetOEMCP
SetLastError
WriteConsoleA
GetSystemDirectoryA
MultiByteToWideChar
IsBadReadPtr
InterlockedCompareExchange
TlsGetValue
EnterCriticalSection
WideCharToMultiByte
ReadFile
SetFilePointer
GetVersion
GetModuleFileNameA
FreeEnvironmentStringsA
HeapCreate
TerminateProcess
ReleaseMutex
FlushFileBuffers
GlobalUnlock

user32

EndDialog
RegisterClassW
LoadIconA
ShowWindow
GetMenuItemCount
CharNextA
LoadMenuW
LoadStringA
DestroyIcon
PostQuitMessage
PtInRect
SetTimer
DispatchMessageW
SetForegroundWindow
GetWindowTextLengthW
DefWindowProcW
LoadStringW

msvcrt

_onexit
_initterm
wcschr
_purecall
_errno
_exit

opengl32

glPushMatrix

ntdll

NtCurrentTeb

gdi32

CombineRgn
GetDIBits
DeleteDC
SetWindowExtEx
SelectObject

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9579e3c2e958cd2b6d3032701d288d75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

opengl32

ntdll

gdi32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 2KB - Virtual size: 153KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 2KB - Virtual size: 153KB

.rsrc
Size: 2KB - Virtual size: 2KB