95f81548abbad001756cc3f97f3877aa

Sharing

Copy URL

Twitter E-mail

General

Target

95f81548abbad001756cc3f97f3877aa
Size

254KB
MD5

95f81548abbad001756cc3f97f3877aa
SHA1

f368d6e47c81640a67d29221869c583950aef9f9
SHA256

00891bf787e2d21066735c46616d35ba33a7d3b2ae09851134af3364f800f2ac
SHA512

e8a14e42396caf472faa57591d70817987a3b1bbf62720dff53df7808f2b7ff428c556bf4b13bb680bc8a7f7a809139ea56d96aee3646e854c351b23b347ab42
SSDEEP

6144:OoRAgaL8J0IN95ccRQPXNBjv6D17F23nS:OoCgn0INT3y/NBbW6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95f81548abbad001756cc3f97f3877aa

Files

95f81548abbad001756cc3f97f3877aa
.exe windows:5 windows x86 arch:x86

f5a3262b2bb212ba74bdda1d7369080b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
ioctlsocket

shell32

SHGetFileInfoA

comdlg32

GetOpenFileNameW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

WideCharToMultiByte
lstrcmpiA
HeapAlloc
OutputDebugStringA
FormatMessageA
GetCommandLineW
SetLastError
GetSystemDirectoryA
SystemTimeToTzSpecificLocalTime
CloseHandle
GetTimeZoneInformation
GetWindowsDirectoryA
HeapFree
GetProcessHeap
GetCurrentThreadId
DeleteCriticalSection
LoadLibraryExA
LocalFree
GetModuleHandleA
FreeLibrary
FileTimeToSystemTime
GetCurrentDirectoryA
VirtualAllocEx

oleaut32

SysAllocStringLen
SysFreeString

user32

LockWindowUpdate
EnumThreadWindows
LoadIconA
DestroyIcon
SetFocus
PostMessageA
GetSystemMetrics
DrawIconEx

ole32

CoInitialize
CoUninitialize
CoCreateInstance

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
RegOpenKeyExA
GetTokenInformation
FreeSid
RegQueryValueExA
OpenProcessToken

winspool.drv

OpenPrinterW
AddJobA
AddPrintProvidorW
DeletePrintProcessorW
FindFirstPrinterChangeNotification
GetJobA
EnumPrinterKeyW
StartPagePrinter
AddFormA
GetFormA
EnumPrinterDataA
EnumPrinterDataExA
AddPrintProcessorW
DeleteMonitorW
AddPortExW
DeletePrinterDataW
EnumPrinterDriversW

fontsub

MergeFontPackage

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lwHPvdw
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qAbmC
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idEvcM
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jHmBHBG
Size: 512B - Virtual size: 311B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.olCwoL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zkTVbsE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pUzBO
Size: 104KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HuyUpSi
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bVHo
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VmJzep
Size: 512B - Virtual size: 251B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TDJw
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f5a3262b2bb212ba74bdda1d7369080b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

shell32

comdlg32

version

kernel32

oleaut32

user32

ole32

advapi32

winspool.drv

fontsub

Sections

.text Size: 19KB - Virtual size: 18KB

.lwHPvdw Size: 1024B - Virtual size: 851B

.qAbmC Size: 1KB - Virtual size: 1KB

.idEvcM Size: 1024B - Virtual size: 986B

.jHmBHBG Size: 512B - Virtual size: 311B

.rdata Size: 2KB - Virtual size: 2KB

.olCwoL Size: 2KB - Virtual size: 1KB

.zkTVbsE Size: 2KB - Virtual size: 1KB

.pUzBO Size: 104KB - Virtual size: 947KB

.data Size: 110KB - Virtual size: 1.3MB

.HuyUpSi Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.bVHo Size: 3KB - Virtual size: 2KB

.VmJzep Size: 512B - Virtual size: 251B

.TDJw Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.lwHPvdw
Size: 1024B - Virtual size: 851B

.qAbmC
Size: 1KB - Virtual size: 1KB

.idEvcM
Size: 1024B - Virtual size: 986B

.jHmBHBG
Size: 512B - Virtual size: 311B

.rdata
Size: 2KB - Virtual size: 2KB

.olCwoL
Size: 2KB - Virtual size: 1KB

.zkTVbsE
Size: 2KB - Virtual size: 1KB

.pUzBO
Size: 104KB - Virtual size: 947KB

.data
Size: 110KB - Virtual size: 1.3MB

.HuyUpSi
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.bVHo
Size: 3KB - Virtual size: 2KB

.VmJzep
Size: 512B - Virtual size: 251B

.TDJw
Size: 2KB - Virtual size: 1KB