97112b2a8094b7e4e15cfc21ad3b99fd

Sharing

Copy URL Twitter E-mail

General

Target

97112b2a8094b7e4e15cfc21ad3b99fd
Size

176KB
MD5

97112b2a8094b7e4e15cfc21ad3b99fd
SHA1

271dc064741803503ae9ed8d87c0a6d0c8797ded
SHA256

3ecacea7d482267d71825cd1859b4bb97a5d4cc140ba0e5900a0d801d77089c4
SHA512

7d161218a6769b1c2611985bf43160b54268a5094c1a6d58c46edd8edebb7d3e3a617f3a283914a7780a76482c29b501131ff14dbc33cf807941ec7479405f0c
SSDEEP

3072:a1xomlKV7kD6ouZhujYNGyKxV/gc3OXhIQ3h/jY:aKRHU6+dgRB3h/j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97112b2a8094b7e4e15cfc21ad3b99fd

Files

97112b2a8094b7e4e15cfc21ad3b99fd
.exe windows:4 windows x86 arch:x86

5cb44ccf5640b8596eea287fca5984f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
VirtualFree
LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateTimerQueue
ResetEvent
GetLastError
VirtualAllocEx
GetPriorityClass
SuspendThread
CloseHandle
LocalLock
VirtualLock
FindClose
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
GetSystemInfo

user32

EnumThreadWindows
InSendMessage
IsChild

shell32

SHGetMalloc

psapi

GetModuleInformation
GetProcessMemoryInfo

msvfw32

DrawDibOpen

gdiplus

GdipCreateFromHDC
GdipAlloc
GdipFree
GdiplusShutdown

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sec
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsec
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dsec
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cb44ccf5640b8596eea287fca5984f6

Headers

File Characteristics

Imports

kernel32

user32

shell32

psapi

msvfw32

gdiplus

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 72KB - Virtual size: 71KB

.rsrc Size: 56KB - Virtual size: 54KB

.sec Size: 4KB - Virtual size: 768B

.rsec Size: 4KB - Virtual size: 768B

.dsec Size: 4KB - Virtual size: 96KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 56KB - Virtual size: 54KB

.sec
Size: 4KB - Virtual size: 768B

.rsec
Size: 4KB - Virtual size: 768B

.dsec
Size: 4KB - Virtual size: 96KB