896e63088f12322630e42203d50229b5

General

Target

896e63088f12322630e42203d50229b5
Size

114KB
MD5

896e63088f12322630e42203d50229b5
SHA1

0daeb05ca0ade37a023b47e51ce9de4d28f8247a
SHA256

bdd5affb9efc1b6f4b7eb8c2c318abe87a86669202d3aa5a98d015347f677307
SHA512

2f2b943b050a090bb1a42995730df5309959912e819455a23568fd79a662090eb51e737f09e10a18456be508e36392368ce267fb96aca8321410c67b527b61a5
SSDEEP

3072:d5TPKAnytiTIiTFmUth77xYTe3g2ZmiSFrSP:3iAMiUArhXnge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
896e63088f12322630e42203d50229b5

Files

896e63088f12322630e42203d50229b5
.exe windows:0 windows x86 arch:x86

2c6dad886274f18f614c1c214376d3d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ieapwrbk

ImmCreateContext
IsUserAnAdmin
GetKeyboardLayoutCP
CtfImmIsCiceroEnabled
SdbGetStringTagPtr
ILCombine
ILFindLastID
ImmLockClientImc
DllInstall
PickIconDlg
CtfAImmIsIME
DllUnregisterServer
SdbFindFirstTag
ImmShowSoftKeyboard
SdbOpenDatabase
ImmActivateLayout
IsLFNDrive
ImmReleaseContext
PifMgr_CloseProperties
PathIsExe
SdbSetPermLayerKeys
CtfImmGenerateMessage
SdbGetTagDataSize
ImmSetStatusWindowPos
ExtractAssociatedIconExA
DragQueryPoint
ImmGetCandidateListCountA
DragAcceptFiles

kernel32

CreateThread
WaitForMultipleObjects
HeapFree
GetCurrentDirectoryA
UnmapViewOfFile
GetModuleHandleA
HeapLock
MapViewOfFile
InterlockedExchange
SetFilePointer
InterlockedDecrement
VirtualQueryEx
GetThreadPriority
CopyFileExA
SetFirmwareEnvironmentVariableA
CreateFileA
InterlockedIncrement
LocalAlloc
GetStringTypeExA
GetFileAttributesExA
CreateFileMappingA
ReadFile
SleepEx
OpenThread
SetThreadExecutionState
RtlMoveMemory
RegisterWaitForSingleObject
GetProcessHeaps
HeapAlloc
GetThreadTimes

Sections

.text
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c6dad886274f18f614c1c214376d3d1

Headers

DLL Characteristics

File Characteristics

Imports

ieapwrbk

kernel32

Sections

.text Size: 87KB - Virtual size: 88KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 3KB - Virtual size: 4KB

.text
Size: 87KB - Virtual size: 88KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 4KB