98ef0831ba089bff47a362271e5249b6

Sharing

Copy URL Twitter E-mail

General

Target

98ef0831ba089bff47a362271e5249b6
Size

175KB
MD5

98ef0831ba089bff47a362271e5249b6
SHA1

9f3cfbac2ae3b6928ea6b24b6afcceea4714a2b6
SHA256

3c2593cbe0d2cafaa681f5723ef6b88ac5e8426fd4e160665782e2205e84f76b
SHA512

f1fda44d4a5aa7ff29098cb5ea4bda5879a71b04ab6cb0ce830d45c173ae4a18c798c253141543959824f41e6980624c573a0e136e384a07eac83d466e91f7be
SSDEEP

3072:/ooh6xY0ZCvODF5o8h6/oPkD5hONlI/NpDTwEFTIlOrjpe1lzyRJ:fh0YkCvaFCe6s8Clg7TwEVF41RyD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98ef0831ba089bff47a362271e5249b6

Files

98ef0831ba089bff47a362271e5249b6
.exe windows:4 windows x86 arch:x86

8b790f5f6e8cad5324906bd8d0deaf87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

kernel32

GetModuleFileNameA
HeapDestroy
GetStringTypeW
VirtualProtect
GetStdHandle
GetCPInfo
VirtualAlloc
GetShortPathNameW
QueryPerformanceCounter
GetProcessAffinityMask
IsBadCodePtr
GetCommandLineA
GetStringTypeA
GetSystemInfo
GetTickCount
IsBadWritePtr
VirtualQuery
GetOEMCP
SetStdHandle
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FreeEnvironmentStringsW
EnumResourceTypesW
GetStartupInfoA
UnhandledExceptionFilter
GetEnvironmentStrings
HeapSize
HeapAlloc
FlushFileBuffers
IsBadReadPtr
HeapFree
GetFileAttributesA
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
HeapCreate
SetHandleCount
VirtualFree
GetFileType
WriteFile
HeapReAlloc
SetFilePointer
ExitProcess

gdi32

PtVisible
SetTextColor
OffsetViewportOrgEx
Escape
SetMapMode
DeleteDC
ExtTextOutW
RestoreDC
CreateBitmap
ScaleWindowExtEx
SetViewportOrgEx
SelectObject
GetClipBox
DeleteObject
SetWindowExtEx
TextOutW
GetDeviceCaps
SetBkColor
ScaleViewportExtEx
SaveDC
RectVisible
SetViewportExtEx
GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathFindExtensionW

user32

GetLastActivePopup
GetWindowTextW
ReleaseDC
GetWindowLongW
GetSysColor
LoadBitmapW
GetParent
EnableMenuItem
ModifyMenuW
GetSystemMetrics
MessageBoxW
GetDC
CheckMenuItem
LoadCursorW
GetMenuCheckMarkDimensions
IsWindowEnabled
EnableWindow
GetSysColorBrush

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b790f5f6e8cad5324906bd8d0deaf87

Headers

File Characteristics

Imports

shell32

ole32

kernel32

gdi32

advapi32

shlwapi

user32

winspool.drv

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 70KB - Virtual size: 70KB

.tls Size: 1024B - Virtual size: 380KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 70KB - Virtual size: 70KB

.tls
Size: 1024B - Virtual size: 380KB