9016034f31f1667bf2decc311f865d26

Sharing

Copy URL Twitter E-mail

General

Target

9016034f31f1667bf2decc311f865d26
Size

511KB
MD5

9016034f31f1667bf2decc311f865d26
SHA1

88d32b15dbf17e5c754632fb29311aa744a60603
SHA256

16a659dc5a0b15e062e1a8b9908376cd4ace456fe80bc2041c75cef2b54a5b88
SHA512

5fb53f9fadbc8345c409dfc0491e9935b64679e3183d932b6ccd650a1ca80a47dfd2757c914b5b1d8851a6c12b08c68f1e66c63bb05a22d15ea3fb4af01cdcc3
SSDEEP

12288:ROu/2ibtXWqghinBIzoonI5bc4hIGGRZSeuAoQUFMpsHo:wueibhgAgoGI5g4y3SJAoQ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9016034f31f1667bf2decc311f865d26

Files

9016034f31f1667bf2decc311f865d26
.exe windows:4 windows x86 arch:x86

87417389822769b04841a7c4f8d57c2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\snogte

Imports

user32

CopyImage
SetClassLongA
UnhookWindowsHook
RegisterClassExA
DdeQueryNextServer
FlashWindowEx
UpdateWindow
SetKeyboardState
RegisterClassA
MapVirtualKeyExW
GetMessagePos
GetKeyboardType
ExitWindowsEx
SetMenuInfo
EnableWindow
SendMessageTimeoutA

kernel32

DeleteCriticalSection
HeapFree
FreeEnvironmentStringsA
InterlockedIncrement
UnhandledExceptionFilter
HeapCreate
IsValidCodePage
GlobalFindAtomA
ReadFile
GetPrivateProfileStructW
VirtualAlloc
GetLocaleInfoW
GetStringTypeA
GetStartupInfoA
GetModuleFileNameA
WriteConsoleA
GetTickCount
TlsSetValue
Sleep
EnumSystemLocalesA
GetCurrentThread
GetSystemTimeAsFileTime
GetLastError
SetFilePointer
QueryPerformanceCounter
GetSystemTimeAdjustment
SetLastError
CloseHandle
EnterCriticalSection
ExitProcess
TlsFree
GetACP
GetCurrentThreadId
SetEnvironmentVariableA
LoadResource
FlushFileBuffers
SetStdHandle
GetModuleHandleW
GetCurrentProcessId
RtlUnwind
WideCharToMultiByte
GetLocaleInfoA
EnumTimeFormatsA
GetOEMCP
HeapReAlloc
HeapDestroy
VirtualFree
MoveFileW
LCMapStringA
GetTimeZoneInformation
CreateWaitableTimerA
LoadLibraryA
FreeLibrary
InterlockedExchange
GetModuleHandleA
VirtualProtect
MultiByteToWideChar
TerminateProcess
InterlockedDecrement
SetConsoleCtrlHandler
HeapAlloc
SetHandleCount
GlobalFree
OpenMutexA
CompareStringA
SetLocaleInfoA
VirtualQuery
WriteFile
TlsAlloc
CompareStringW
IsValidLocale
CreateFileA
GetProcAddress
HeapSize
LeaveCriticalSection
GetProfileSectionA
GetEnvironmentStringsW
TlsGetValue
CopyFileA
GetTimeFormatA
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
GetThreadTimes
LCMapStringW
CreateMutexA
GetDateFormatA
GetEnvironmentStrings
WriteConsoleW
LocalFileTimeToFileTime
GetConsoleCP
GetFileType
GetStdHandle
GetCPInfo
GetCommandLineA
IsDebuggerPresent
GetStringTypeW
CreateNamedPipeA
FreeEnvironmentStringsW
InterlockedExchangeAdd
GetConsoleMode
GetUserDefaultLCID
GetCurrentProcess
SetUnhandledExceptionFilter
GetLongPathNameW

comctl32

InitCommonControlsEx

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87417389822769b04841a7c4f8d57c2b

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 60KB - Virtual size: 89KB

.data Size: 104KB - Virtual size: 104KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 60KB - Virtual size: 89KB

.data
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 13KB - Virtual size: 13KB