9ad9459d2980f6af1631d45156bda2ca

Sharing

Copy URL Twitter E-mail

General

Target

9ad9459d2980f6af1631d45156bda2ca
Size

40KB
MD5

9ad9459d2980f6af1631d45156bda2ca
SHA1

398ec4e199722f7c8f98738f907a914507a07792
SHA256

3e4382542ad94aa946b4fd8a529d5fd93b965041ea5c537f55a8c01ede4fa5a5
SHA512

090888a8d18330fbd5e90af7590c38980c1c1fbbe10045015ec92be074cef709fa9eabc112125a69523ab2e7f198a6a1ad31e46b0bfef7348f22af516667bc8b
SSDEEP

768:YnuhkxH5oRrMInyFgNfGZeKak35Sa7X2BosPw/Nb:YuhkxH97ifUeBk3wa7mwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ad9459d2980f6af1631d45156bda2ca

Files

9ad9459d2980f6af1631d45156bda2ca
.exe windows:4 windows x86 arch:x86

ad596d25f24dd2b2c15a7ac7c872548e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

RemoveFontResourceW
GetPath
DeviceCapabilitiesExA
GetMetaRgn
GetLogColorSpaceA
GetBkColor
GetRandomRgn
SetFontEnumeration
StartDocA
FloodFill
GetStockObject
UnrealizeObject
GetMetaFileA
PolylineTo
SetDeviceGammaRamp
TextOutA
SelectClipRgn
GetViewportOrgEx
Polyline
StretchBlt
UpdateColors
GetCurrentPositionEx
GetObjectType
GetCharWidthA
AbortPath
GetPixelFormat

kernel32

lstrcmpW
GetCommandLineW
GetSystemTime
SetCommBreak
ClearCommError
SetDefaultCommConfigW
GetModuleHandleA
InterlockedIncrement
SetLastError
IsDBCSLeadByteEx
GetDiskFreeSpaceExW
ReadConsoleOutputCharacterW
EnumResourceNamesA
ReadConsoleInputA
VDMConsoleOperation
UnlockFile
GetCommandLineA
SetPriorityClass
CreateMailslotW
GetStartupInfoA
GetCurrentProcessId
GetFullPathNameW
SetEnvironmentVariableA
VirtualAlloc
LocalLock
ExitProcess
GetPrivateProfileIntW
ReadConsoleW
EnumDateFormatsExW
VirtualFree
GetVolumeInformationA
GetQueuedCompletionStatus
CmdBatNotification
InitAtomTable
SetConsoleFont
VerifyConsoleIoHandle
LoadLibraryExW
TerminateJobObject
SetConsoleCP
EnumCalendarInfoW
GetNumberOfConsoleInputEvents
HeapDestroy
Sleep
SwitchToFiber

msvcrt

_fpreset
_adj_fdivr_m64
putc
getchar
wcsstr
_osver
__lconv_init
_mbctokata
strncpy
_hypot
setlocale
_amsg_exit
__threadhandle
atof
tanh
towlower
__p___initenv
__wargv
_wmkdir
localtime
__pioinfo
signal
_wputenv
sqrt
__p__winminor
wcsncat
_strtime
strcmp
_toupper
_setjmp
_execlpe

user32

GetActiveWindow
GetClipboardFormatNameA
GetDCEx
GetClassLongW
GetClassInfoA
CharUpperBuffW
EnumDisplaySettingsExW
CreateDesktopA
FindWindowExW
DlgDirListA
GetDoubleClickTime

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hfnml
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tfpt
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gwx
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad596d25f24dd2b2c15a7ac7c872548e

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 6KB - Virtual size: 6KB

.hfnml Size: 7KB - Virtual size: 17KB

.tfpt Size: 5KB - Virtual size: 15KB

.gwx Size: 3KB - Virtual size: 11KB

.reloc Size: 18KB - Virtual size: 21KB

.text
Size: 6KB - Virtual size: 6KB

.hfnml
Size: 7KB - Virtual size: 17KB

.tfpt
Size: 5KB - Virtual size: 15KB

.gwx
Size: 3KB - Virtual size: 11KB

.reloc
Size: 18KB - Virtual size: 21KB