997be4649ec02def90b719d898584e24

Sharing

Copy URL Twitter E-mail

General

Target

997be4649ec02def90b719d898584e24
Size

396KB
MD5

997be4649ec02def90b719d898584e24
SHA1

a4054fe04216672a8f51c5bb44f5776ca10a10d5
SHA256

da9be4f3e61ac678771dd7bc0efe93379329a928e6c5c6576f158f4b5efcbd6e
SHA512

7f1e505781707599a23e87b46a0c03fa966996850805abb70e3b26e2da0ee004785e1e78c6fcd440276e8011e1ed9ff6e9f41527f37ff87f6d8c37b0f6e4cc21
SSDEEP

12288:wNvTNiuX2NV00XX4w7UqUr3YtRv+uG7jujPyl:UN924KX4wfUrYtRWjjujKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
997be4649ec02def90b719d898584e24

Files

997be4649ec02def90b719d898584e24
.exe windows:5 windows x86 arch:x86

030bdb3f192718e40b31f847227d6f5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_cexit
_wcmdln
exit
_adjust_fdiv
__p__fmode
_controlfp
_c_exit
_XcptFilter
_vsnwprintf
malloc
wcsncpy

ole32

CoRevokeClassObject
CoInitialize
CoRegisterClassObject
CoCreateInstance
StringFromCLSID

advapi32

RegSetValueExW
RegDeleteValueW
CloseServiceHandle

shlwapi

ord174
StrCpyNW
PathRemoveFileSpecW
wnsprintfW
PathRemoveExtensionW

gdi32

GetStockObject
SetBrushOrgEx
CreatePenIndirect
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
SetBkMode
CreateSolidBrush
MoveToEx
Ellipse

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
SHGetMalloc
SHParseDisplayName
SHGetDesktopFolder

kernel32

SetFileTime
lstrcmpiW
FindNextFileW
WaitForSingleObject
SetEvent
UnmapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
LoadResource
UnhandledExceptionFilter
VirtualAllocEx
WriteFile
GetFullPathNameW
LocalAlloc
LocalFileTimeToFileTime
MapViewOfFile
FreeLibraryAndExitThread
CreateThread
CreateFileW
CreateProcessW
SystemTimeToFileTime
LeaveCriticalSection
CreateEventA
GetTempFileNameW
CreateEventW
GetCurrentProcess
GlobalLock
lstrlenA
MoveFileW
OpenFileMappingW
FormatMessageW
LoadLibraryExW
CopyFileW
GetWindowsDirectoryW
InterlockedDecrement
Sleep
GetShortPathNameW

user32

GetWindowRect
SetCapture
GetParent
GetCapture
GetForegroundWindow
DialogBoxParamW
CopyRect
GetIconInfo
IsWindowVisible
GetPropW
GetDC
CopyIcon
EnableWindow
MessageBoxW
DrawIconEx
DrawTextW
ReleaseDC
IsWindowEnabled
UpdateWindow
DrawTextExW
LoadImageW
DestroyAcceleratorTable
SetWindowTextW
TranslateMessage
MoveWindow
wsprintfW
SetFocus
DrawFocusRect
SendDlgItemMessageW
MapWindowPoints
ShowWindow
RegisterWindowMessageW
IsRectEmpty
KillTimer
GetMessageW
RegisterClassExW
MessageBoxIndirectW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipGetImageRawFormat
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipFree
GdipGetImageDecoders
GdipSaveAddImage
GdiplusShutdown
GdipCloneImage
GdipGetImageWidth

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

030bdb3f192718e40b31f847227d6f5d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

advapi32

shlwapi

gdi32

shell32

kernel32

user32

gdiplus

Sections

.text Size: 241KB - Virtual size: 241KB

.data Size: 145KB - Virtual size: 145KB

.rsrc Size: 9KB - Virtual size: 368KB

.text
Size: 241KB - Virtual size: 241KB

.data
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 9KB - Virtual size: 368KB