8fdbb2714edab7dc492dcf44889676c1

Sharing

Copy URL Twitter E-mail

General

Target

8fdbb2714edab7dc492dcf44889676c1
Size

218KB
MD5

8fdbb2714edab7dc492dcf44889676c1
SHA1

ed8a410f59148439bc759dabb2e3385e2082d089
SHA256

f01188ceb011b984dfce63b555ff1aa25d92e092a7d3a0531f7291e90f8e8eaf
SHA512

0d25cbbc91136c41230523dc5cf2a0ffd55c7632884ece473a85b765c9e214e84e5df1ec4bd3c603205147db1d4e0d393ad09967c375bba7c049db86ea76b290
SSDEEP

6144:aXXtIAkKzKEZ0B/6Q3kL7JzSyleGrY3UBtzlY5Sjx:a80Z0B/zk/ZvpHdi5Sj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fdbb2714edab7dc492dcf44889676c1

Files

8fdbb2714edab7dc492dcf44889676c1
.exe windows:5 windows x86 arch:x86

b86e9b439cf5c6899c08cf0be9e1257d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
EnableWindow
GetWindowRect
PostQuitMessage
GetClientRect
IsWindow
GetSysColor
DefWindowProcA
SetCursor
KillTimer
SendMessageA
EndDialog
SetWindowLongW
MessageBoxW
CharNextA
LoadStringA
wsprintfW
MessageBoxA
wsprintfA
BeginPaint
GetDC
DispatchMessageA
UpdateWindow
GetDlgItem
SendMessageW
SetWindowPos
GetWindowLongA
GetParent
CharNextW
GetWindowLongW
CreateWindowExA
PostMessageW

advapi32

CloseServiceHandle
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegDeleteValueA
AllocateAndInitializeSid
RegCreateKeyExA
FreeSid
InitializeSecurityDescriptor
RegEnumValueW
OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
GetTokenInformation
RegDeleteKeyA
RegCreateKeyExW
RegSetValueExA
RegSetValueExW
OpenProcessToken
RegEnumKeyExA
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW

oleaut32

SetErrorInfo
OleLoadPicture
CreateErrorInfo
RegisterTypeLib
GetActiveObject
LoadTypeLibEx
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayPutElement
SysAllocStringLen
SysReAllocStringLen
VariantChangeType
VariantChangeTypeEx
SysStringByteLen
VariantCopyInd
SafeArrayGetUBound
SysAllocStringByteLen
GetErrorInfo
VariantCopy
SafeArrayGetLBound
VariantInit
LoadTypeLib
SysFreeString
SafeArrayGetElement

kernel32

LockResource
IsDBCSLeadByte
FileTimeToLocalFileTime
ExitProcess
GetFullPathNameW
AddAtomW
VirtualAlloc
CloseHandle
GetLastError
RemoveDirectoryW
SetFileAttributesA
CreateFileMappingW
CreateFileMappingA
FindNextFileA
GetCurrentProcess
GetComputerNameW
IsValidCodePage
GetCommandLineW
GetExitCodeProcess
DeviceIoControl
MulDiv
FindResourceA
CreateProcessW
VirtualFree
SizeofResource
IsBadCodePtr
lstrcatW
RaiseException
CreateMutexA
OpenProcess
CreateDirectoryA
WriteConsoleW
LoadLibraryExA
CreateMutexW
ExpandEnvironmentStringsA
ReleaseSemaphore
SetThreadPriority
GetWindowsDirectoryW
GetCurrentDirectoryW
GetTempPathA
OutputDebugStringW
ResumeThread
CopyFileW

shell32

PathResolve
DAD_DragEnterEx
GetFileNameFromBrowse
Shell_MergeMenus
DAD_DragLeave
DAD_DragMove
SHILCreateFromPath
SHChangeNotifyRegister
IsNetDrive
DllCanUnloadNow
SHCoCreateInstance
PickIconDlg
RestartDialog
DllGetClassObject
DriveType
DragFinish
DllRegisterServer
Shell_GetCachedImageIndex
PifMgr_OpenProperties
SHGetSetSettings
DllInstall
DllUnregisterServer
Shell_GetImageLists
DllGetVersion
DragAcceptFiles
PathQualify
SHChangeNotifyDeregister
SHDefExtractIconW
SHStartNetConnectionDialogW

rpcrt4

MesInqProcEncodingId
DceErrorInqTextW
NDRSContextMarshallEx
MesDecodeIncrementalHandleCreate
NdrAsyncClientCall
DllGetClassObject
NdrConformantStructBufferSize
CreateStubFromTypeInfo
NdrClientInitialize
NdrByteCountPointerFree
MesIncrementalHandleReset
NDRCContextBinding
MesHandleFree
NdrByteCountPointerUnmarshall
MesDecodeBufferHandleCreate
NDRSContextMarshall
NdrAsyncServerCall
NDRCContextMarshall
NdrAllocate
CStdStubBuffer_CountRefs
DllRegisterServer
MesBufferHandleReset
MesEncodeFixedBufferHandleCreate
NdrByteCountPointerBufferSize

Sections

.textbss
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b86e9b439cf5c6899c08cf0be9e1257d

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

oleaut32

kernel32

shell32

rpcrt4

Sections

.textbss Size: - Virtual size: 452KB

.debug Size: 17KB - Virtual size: 17KB

.text Size: 512B - Virtual size: 474B

.idata Size: 121KB - Virtual size: 121KB

.rdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 39KB - Virtual size: 38KB

.data Size: 19KB - Virtual size: 19KB

.textbss
Size: - Virtual size: 452KB

.debug
Size: 17KB - Virtual size: 17KB

.text
Size: 512B - Virtual size: 474B

.idata
Size: 121KB - Virtual size: 121KB

.rdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 39KB - Virtual size: 38KB

.data
Size: 19KB - Virtual size: 19KB