8bb53e380f612ebaf6673dfbeead656e

Sharing

Copy URL

Twitter E-mail

General

Target

8bb53e380f612ebaf6673dfbeead656e
Size

1.8MB
MD5

8bb53e380f612ebaf6673dfbeead656e
SHA1

2f070891418f77d93be80a956440b6f27ffcdb65
SHA256

49e7a9c06e8c9feedfb428efae3e35f7c030eba99fc7838ed0a683bda8e167f1
SHA512

735a2e14d50b5b3563032afed0ab8d2ce7bfee4c8b8147829a4c9f8f6c48f141ac3c9262b927091cb099e8273a61d7587ac2fb3aa8425d10fb3d2589d2fa65e8
SSDEEP

6144:csiCs6KaxCBgS7bn4prHf5ytojFFXdStQrRPJ:cfH6KaxCBsrrXdrRPJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bb53e380f612ebaf6673dfbeead656e

Files

8bb53e380f612ebaf6673dfbeead656e
.exe windows:5 windows x86 arch:x86

0dff924e97b5b8f1122132f97a1415ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmMetrics

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__setusermatherr
memset

comctl32

_TrackMouseEvent
InitCommonControlsEx

kernel32

GetStartupInfoA
ExitProcess
GetModuleHandleA
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetErrorMode
GetCommandLineA
LoadLibraryA
LeaveCriticalSection
GetTickCount
EnterCriticalSection
InitializeCriticalSection
IsValidCodePage
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CloseHandle

user32

EmptyClipboard
DrawIconEx
DispatchMessageW
DestroyCursor
CopyIcon
AppendMenuW
GetKeyState

gdi32

MoveToEx
LineTo
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
GetObjectW
GetDeviceCaps
GetCurrentObject
PtVisible
FillRgn
ExtTextOutW
DeleteObject
DeleteDC
SetBkColor
SetBkMode
SetTextJustification
RectVisible
FrameRgn
SelectObject
SetTextColor
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateFontW
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
Escape

rpcrt4

UuidCreate

winspool.drv

ClosePrinter
OpenPrinterW
EnumPrintersW
DocumentPropertiesW

advapi32

RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
RegFlushKey
RegGetKeySecurity
RegLoadKeyW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryMultipleValuesA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegQueryValueW
RegSetKeySecurity
RegQueryInfoKeyW
RegSetValueExW
RegUnLoadKeyW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

shlwapi

PathFileExistsW

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifx
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dff924e97b5b8f1122132f97a1415ab

Headers

File Characteristics

Imports

msacm32

msvcrt

comctl32

kernel32

user32

gdi32

rpcrt4

winspool.drv

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 424KB - Virtual size: 422KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 648B

.ifx Size: 8KB - Virtual size: 4KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 424KB - Virtual size: 422KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 648B

.ifx
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB