9002b8001150281c0aacd3fa5cb3f4ce

Sharing

Copy URL Twitter E-mail

General

Target

9002b8001150281c0aacd3fa5cb3f4ce
Size

174KB
MD5

9002b8001150281c0aacd3fa5cb3f4ce
SHA1

39fbaf3327ef819a16755da623a71d63d3011c6b
SHA256

a8f19f6ce039b63b5e6155909d6a05e3a2a67bbd33f6df789481dacb9449ff1f
SHA512

6739e5615e404a0b2388e74c4819a0b7deec78081f6d87fc27e3cda8548ec339a1c2edb41ee4bf473f65c1cf61ddcd29ec33de1f2165e533e6f9b8a36eacc2df
SSDEEP

3072:frWExEuH8TNDwBZYFrLtWVaxn+o3jo4sJsxTTsbPeXq/WDkc:aUEVdtn+4oixI20WDk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9002b8001150281c0aacd3fa5cb3f4ce

Files

9002b8001150281c0aacd3fa5cb3f4ce
.exe windows:4 windows x86 arch:x86

87dcf947ce2385e234ff0efedf865327

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
ResetEvent
SetLastError
IsBadHugeReadPtr
GetProcessHeap
GetModuleHandleA
lstrlenA
GetSystemDefaultLangID
ExitThread
SizeofResource
GetFileSize
GetCommandLineA
GlobalAddAtomA
GetStringTypeW
LoadLibraryA
CompareStringA
LoadLibraryExA
GetCommandLineW
GetProcAddress
lstrcpynA
GetVersionExA
LocalFree
SetEndOfFile
Sleep
GetCPInfo
GetACP
VirtualQuery
ExitProcess
GlobalAlloc
HeapDestroy
CloseHandle
GetOEMCP

gdi32

CreateFontIndirectA
CreatePenIndirect

oleaut32

SafeArrayGetElement
SysStringLen
SafeArrayGetUBound
SysReAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
GetErrorInfo
SysFreeString
VariantChangeType
SysAllocStringLen

version

VerInstallFileA
VerFindFileA
GetFileVersionInfoA

advapi32

RegCreateKeyA
RegEnumValueA
RegDeleteKeyA

shlwapi

SHQueryValueExA

ole32

PropVariantClear
ReleaseStgMedium

user32

AdjustWindowRectEx
BeginPaint
CallNextHookEx

comctl32

ImageList_Read
ImageList_Remove
ImageList_Draw
ImageList_Write
ImageList_GetBkColor

Sections

CODE
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87dcf947ce2385e234ff0efedf865327

Headers

File Characteristics

Imports

kernel32

gdi32

oleaut32

version

advapi32

shlwapi

ole32

user32

comctl32

Sections

CODE Size: 42KB - Virtual size: 42KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 7KB

.cdata Size: 1KB - Virtual size: 1KB

.adata Size: 117KB - Virtual size: 117KB

.fdata Size: 512B - Virtual size: 300B

.rsrc Size: 1024B - Virtual size: 884B

CODE
Size: 42KB - Virtual size: 42KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 7KB

.cdata
Size: 1KB - Virtual size: 1KB

.adata
Size: 117KB - Virtual size: 117KB

.fdata
Size: 512B - Virtual size: 300B

.rsrc
Size: 1024B - Virtual size: 884B