98c6943c14e78b21958eb5b0cc52886d

Sharing

Copy URL Twitter E-mail

General

Target

98c6943c14e78b21958eb5b0cc52886d
Size

422KB
MD5

98c6943c14e78b21958eb5b0cc52886d
SHA1

a16db70b89c22f890542137ae18ac3adb2c1b5b6
SHA256

70b11763789241697b92838579a299e2a20cd557138d5e5ed18533fab2fccc52
SHA512

3a0cbbda4149fbe3da8681796b6b15e68708726a843a050f7ac0bb38af6e190fa71bec418596adbf9978311a933319b57b514a60d54bf0baa27e0836560b42a2
SSDEEP

12288:Ya/lcdH1tNYpbqhmy2dVuDX9/veKvbVfFRPSTpDs:Ya/lgfbmCNxZDPS9s

Score

1^/10

Malware Config

Signatures

Files

98c6943c14e78b21958eb5b0cc52886d
.exe windows:4 windows x86 arch:x86

33190ba76eb9dab49bc06433e64900dc

Code Sign

7d:65:30:c1:97:c1:06:b1:4d:2f:83:48:a7:1a:b4:e6
Certificate

Issuer

CN=twhtngbhetd

Not Before

19/11/2011, 14:50

Not After

10/08/2022, 22:00

Subject

CN=Wesade Jytever

2c:46:14:70:b2:66:df:9b:96:57:87:54:a2:9c:9a:34:58:90:db:13
Signer

Actual PE Digest

2c:46:14:70:b2:66:df:9b:96:57:87:54:a2:9c:9a:34:58:90:db:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetTopWindow
GetForegroundWindow
SetWindowPlacement
GetClientRect
CreateDialogParamA
ArrangeIconicWindows
EndDialog
EnumChildWindows
IsDialogMessageA
SendMessageA
RegisterWindowMessageA
FindWindowA
MessageBoxExA

ole32

CoDisconnectObject
CoGetStandardMarshal
OleSetAutoConvert
CoMarshalInterface
CoUnmarshalHresult
CoTaskMemRealloc
OleGetIconOfFile
CoFreeUnusedLibraries
GetClassFile
CoUninitialize
CoInitialize
OleCreateFromFile

comctl32

ord6

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetLastError
TlsGetValue
FreeEnvironmentStringsW
GetModuleHandleA
GetProcAddress
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fswszf
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ikyv
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33190ba76eb9dab49bc06433e64900dc

Code Sign

7d:65:30:c1:97:c1:06:b1:4d:2f:83:48:a7:1a:b4:e6Certificate

2c:46:14:70:b2:66:df:9b:96:57:87:54:a2:9c:9a:34:58:90:db:13Signer

Headers

File Characteristics

Imports

user32

ole32

comctl32

kernel32

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 93KB

fswszf Size: 283KB - Virtual size: 283KB

ikyv Size: 110KB - Virtual size: 109KB

.rsrc Size: 5KB - Virtual size: 5KB

7d:65:30:c1:97:c1:06:b1:4d:2f:83:48:a7:1a:b4:e6
Certificate

2c:46:14:70:b2:66:df:9b:96:57:87:54:a2:9c:9a:34:58:90:db:13
Signer

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 93KB

fswszf
Size: 283KB - Virtual size: 283KB

ikyv
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 5KB - Virtual size: 5KB