9ba20f0ea69ae8014e2601d3047fcfd6

Sharing

Copy URL Twitter E-mail

General

Target

9ba20f0ea69ae8014e2601d3047fcfd6
Size

143KB
MD5

9ba20f0ea69ae8014e2601d3047fcfd6
SHA1

901f6152d197ff353bed42cfaec8d475c6f23303
SHA256

dcb3af24ee43a2f6198da7644d984ee7ad314442c6627639c706bbc2f1981b37
SHA512

df938c8ce5b9c9e256a32a65b4e9bcf0bef02039dbc5bc1859e9b4cf98de3403edf908bcccf3a0f356508c87fcf3445a72f91594fa8dd2516ac4ee308ef06d15
SSDEEP

3072:UUQ1vbYjCyfogO6pLsyJotVu+JS0xiA/ImfU9TArxv4jhy:UH5Yzog9ZU1FH/viTAyhy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ba20f0ea69ae8014e2601d3047fcfd6

Files

9ba20f0ea69ae8014e2601d3047fcfd6
.exe windows:5 windows x86 arch:x86

e27d932db0f812e39e4845461d735ca4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\WdxVam\qsgEqvo\tiucbAz\enTzTobs\raYh.pdb

Imports

shlwapi

PathMakePrettyA
StrSpnW
PathCanonicalizeW

user32

GetDC
RegisterWindowMessageW
GetKeyState
GetClipboardData
GetKeyNameTextW
GetCursorPos
CharLowerA
SendNotifyMessageW
DialogBoxIndirectParamA
GetClassNameW
LoadImageA
GetMenu
DialogBoxParamW

msvcrt

exit

comctl32

ImageList_Write
CreatePropertySheetPageW
PropertySheetA

gdi32

CreateICW
AddFontResourceW
Escape
GetSystemPaletteUse
EnumFontsW
RemoveFontResourceW

kernel32

HeapValidate
LoadLibraryW
HeapCreate
GetStringTypeExW
HeapUnlock
GetFileTime
ExitProcess
GetSystemDirectoryW

Exports

Exports

?XO____V_Jv_thoqlUWyp@@YGPAIPAK@Z
?HBqc_TKDJ__PP@@YGGI@Z
?q_nMFLMUHTMrmKPOASbROP@@YGPADG@Z
?__TBDWNQ_FABdAhm___maq@@YGFDPAK@Z
?iEE_jzsizBAJB@@YGPAGMPAM@Z
?_cpuf_lYHP@@YGK_N@Z
?PHU_d_a@@YGHPAF@Z
?_Lc_ny__enm@@YGPAM_N@Z
?ytao__R_H_K__YJ__Genw_@@YGPAHPAD@Z
?o_hbfcz_msl__snl@@YGKGPAK@Z
?FDLDCsoj_n_qz_ye@@YGXGPAE@Z
?ggurpqpbmzt_oaavggx_a@@YGXFI@Z
?AQNX___u_o_dhIYs@@YGFPAFM@Z
?dp_ESOTNZbiINGKT_E@@YGPAEDI@Z
?_of_iAVQVMZ_HD@@YGPAGPAJ@Z
?QZY_GNTA_PIJMT_KQ_FPZ@@YGHE@Z

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.r_dat
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e27d932db0f812e39e4845461d735ca4

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

msvcrt

comctl32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.r_dat Size: 17KB - Virtual size: 17KB

.data Size: 26KB - Virtual size: 182KB

.rdata Size: 25KB - Virtual size: 25KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.r_dat
Size: 17KB - Virtual size: 17KB

.data
Size: 26KB - Virtual size: 182KB

.rdata
Size: 25KB - Virtual size: 25KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB