986da030f391a776ecd620f904183899

Sharing

Copy URL Twitter E-mail

General

Target

986da030f391a776ecd620f904183899
Size

167KB
MD5

986da030f391a776ecd620f904183899
SHA1

cf8c27ba5b891cb565ea3cc5207a16d5cc4ec5f0
SHA256

7914a5093ff963c9a540034b500ffc44aecf722e70a386d2e45e8cb81cfbc4c3
SHA512

db6c8b38f9e5d79975d4e32d79156e3c2da1a7282db34990650b1d2102d8170e0f2029d4700487f08ae8080b95dcc4684da159e6659bb24249e6a221ac65c054
SSDEEP

3072:CW1DSe3PfvvXyP6RMRuoXS8jzXx6N/VaSwd1JunXoUFHvRTu:CkD/3XynAoX0VazL0YZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
986da030f391a776ecd620f904183899

Files

986da030f391a776ecd620f904183899
.exe windows:5 windows x86 arch:x86

ff741c9bac599a46aef7a4a707779b17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
GetVersion
GetCurrentProcessId
lstrlenW
GetConsoleOutputCP
RemoveDirectoryA
GlobalFindAtomA
lstrcmpA
GetModuleHandleA
GetACP
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCurrentProcess
GetCurrentThreadId
DeleteFileA
IsDebuggerPresent
lstrcmpiW
VirtualAlloc
GetOEMCP
VirtualFree
MulDiv
GetUserDefaultLangID
CopyFileA
GetWindowsDirectoryA
GetCurrentThread
SetCurrentDirectoryA
GetCommandLineA
GetModuleHandleW
GetProcessHeap
lstrcmpiA
GlobalFindAtomW
GetStartupInfoA
GetThreadLocale
DeleteFileW
lstrlenA

gdi32

SetTextColor
GetClipBox
SelectObject
GetObjectA
SetTextAlign
SetMapMode
CreatePen
DeleteDC
CreatePalette
RestoreDC
RectVisible
SelectPalette
CreateCompatibleDC
PatBlt
GetTextMetricsA
DeleteObject
GetPixel
GetStockObject
GetDeviceCaps
CreateFontIndirectA
SetStretchBltMode
SaveDC
CreateSolidBrush
LineTo

user32

TranslateMessage
GetSystemMetrics
GetParent
GetDesktopWindow
CharNextA
GetDC

glu32

gluNurbsCallback

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Shrqt, W
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Rpgy Ngh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff741c9bac599a46aef7a4a707779b17

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 11KB - Virtual size: 11KB

Shrqt, W Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Rpgy Ngh Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 11KB - Virtual size: 11KB

Shrqt, W
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Rpgy Ngh
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 27KB - Virtual size: 27KB