d12fd14933aaf2cdd0d2ab5bfae43fb406782559f8ebb66688a606e14afdc53e

Sharing

Copy URL Twitter E-mail

General

Target

d12fd14933aaf2cdd0d2ab5bfae43fb406782559f8ebb66688a606e14afdc53e
Size

7.6MB
MD5

8899fb3cd2bf559b38bcf19d2e4cc69b
SHA1

4112e6ab014d72d0baeb98574af627d7be256439
SHA256

d12fd14933aaf2cdd0d2ab5bfae43fb406782559f8ebb66688a606e14afdc53e
SHA512

e874daeb95a2a737e48e9d6fedbed1cb15b22946c544804e80140c901d5fa328767a5c40f73b7cadad7187c346ac94d1096391301eefb8646efa48c0489eb61a
SSDEEP

196608:QxE3hKnHUaOOZIV2sr6MQvBuSDs8mJJ0ljQoJMzM/K55+:QMha0SEKvMf8mD0ljQnzM/0+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d12fd14933aaf2cdd0d2ab5bfae43fb406782559f8ebb66688a606e14afdc53e

Files

d12fd14933aaf2cdd0d2ab5bfae43fb406782559f8ebb66688a606e14afdc53e
.exe windows:5 windows x86 arch:x86

f26188d0874170a506f77bdd6ec7bf9b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetMenu
CharUpperBuffW

gdi32

OffsetViewportOrgEx

winmm

waveOutRestart

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

recvfrom

wininet

InternetReadFile

comdlg32

GetFileTitleA

Exports

Exports

)1��zU.��Ȥ��m*��-ߘZ�o��b��m;(�m��+��te�l?�u�R�E=��z"/ח�W�y�|�p �D��d��B��D��R�-�x*6�;'-�V��iU2PӋPu��^�}:8�X��i��ݮ�PT]��@��~�gK�"y��`��~��*�:"��P��IVQ�'�W�׾��ϧO�W�f9��h��ߑ^1�E�C@N�i4ĳ��!�Uk�n: �jkɪ_�� Y� ��詓#ZVǳ�� /y��r��9q ��p�1��pEǚ:b��:�$g<��J<e�Թ�Fg"=�lyˉ�<{�H�Vj��=��jJͷ@'?[�r!I��*��Ǉ��'Th�L�~��p �Sh�� t�W4��/ �%y7�㱔��]��"a�DF 4��+l�{D}.��.�\�E;G�;��@ռ�p��N Cs4�̎�!��=��v�6.zU�q9� ɂ��u��#}N��.��#A�9��[��4WX#w�� %�G�J� ��j�S��^s$X��}�w��u�t�Þǜ��0�V��.��-[c�'��=%��E?��y��T�΀��p�F��G�hO|�u�%f� ��G"�h��?]b��>��Mo��M�49m�T>�� X� d��LV�)��f_��sX35��9̫p,��>�U��>��/�0j�� ḇ�0#��JS�ȊP�c��Pa,4�X��p��1��\��\B1J>]��@T�{T.��x��G:A$�A ��~UA,�xOP�U�3J��b�!+�Ғz��X��EM�Q�B�En�.�E�nP��8<X��_!; ��0j�IH�/!�X�v��ٟy�}~��%�GÅ� %�Tn²�o�)��)?�F#��٦)K#0��p�羪##��F��X�t�ln ��E~�J�S�3]˨��>��zV��b��4�cC�W8�fTJ�[�X]Wˈ��!�wD�o��X��r[��A�|2[-�$U�"��!ͦ��Z�+��]��?�\<ҭ�_X��~Ra�nһ�KR��.��~0p,O.��ح��&P�F��H�7�FO\=P��5]��:�܄5��z�C &�a��v��9�j,�{��ΌW�w�h|!�w9�R)��|5�h�a�?��|R\\ /O�`(e ��nO�pC��s��I~bׄ+-$��l�nȸ6/3��C�p?g�q��4��n9�=o��O��Ą�e��X��U�ߦ��c�h<��?�Ukybz��n��`~<�3��,��Y�SL�f҂�Q �:�9��h��(��(7?O~P,\�͏�QM��6(?�{�]�g�Ѱ��퀴oB�oM��v��$�i�.��c��Ē�p*�@ ��|�� k\�"�z7uP�^m�8�3"�@��Poh��с�ů�� b�9��I�[�>��|�ڿ�}xY7a��.��;-׻�s��XNĎ<��p��k�嚆��[��&s��[Ke�M�g��=��v�_�,w|��ۓ]�͹�%�md@ؓz��$W�<�TTdhҐs��X>�d5�&$��r��ν��49�1��.�D��W�qYU��R�ӗO�_� a��\��<~:��^>��u"�_��fc�IM)��ݜSx�!��B\��A}7��1�W��b�\�ݷ6}]4[��8�?P@��5ݻ�JX�m�5��3��ۨ�2�j�:0��ݏs�As.��.�3��Jh�'?QLSf��\�yxh:�ޫڂ8킮}�qҷ_d�#YR��fd�U�(�h_��2j��q#��z�*��%d�ĨA��R|�.<e�v�?*��<'Op�6I�!(R��R�y��h�y��{}��My�E]�.�|��uM��!��{�p��Ł��Py��p�F�9�14�'QMu9-��Wc.Q��-gH��A7;=��gu��m��R��@�:p��,��U��Z�Vh�5�&�,n>V��2��dÕ��<v�Pݛ��[q� ય�2gvP��K��l��򤗾.2yy��g�a��]:�')�#�IS+|O��K]��~�z��aVC��U��I� c�ۧ�M��0�-$�_�΋�{�Q]�|�1y�O}@^a�y1��qD��A�Ɩ�� M4��)D̬��bѭ��t��,a9P�j�{42C��;�q?��]��C�Tx��͢^ke��ʦ!�;�TD?�a��Qy�|<��k��]��7�pO��J��0R (�j��p��Z�m�b]:�9�\/٣�!��a��$7�"��?QP��}��}@�ln��,_ejf/��-��E��~��`7sd��_��k�:w[��@!�x��$�Ah��G6��D��5�A;��n�R-��H��G�P�j5$0�a�}��ʚ(x��=k��yuk�jy��c�F��v��Đ�{r�bg$��}m�&��H:q�0qV)o�\m�$9�W��~L��Z��@��-��(��+o�e�M�� ��gj,�s�dDe��.��|=~�8p�F~��&�Z��v�r6�㊘;8jC��͛^J��+��Ь:Ј�Y`��#�&�q�E�E��ҵ�#�_�j�+2a�]�)%i��s��㼶�ZZ\z��h��8�V��ʠ��*xn��S� "{�"ɍ��%Ni�C��o�iW`~0�<��M�� y�{�M�Iq�F_�W��:d�g��*f:frI �)Z��_ �z�z��D;�.?E~�ݩ�坳g߻��1�Xy�dW��N�U�e�]$��

Sections

.text
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o<A
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MS1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RQs
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f26188d0874170a506f77bdd6ec7bf9b

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 692KB

.rdata Size: - Virtual size: 98KB

.data Size: - Virtual size: 408KB

.o<A Size: - Virtual size: 4.7MB

.MS1 Size: 4KB - Virtual size: 2KB

.RQs Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 692KB

.rdata
Size: - Virtual size: 98KB

.data
Size: - Virtual size: 408KB

.o<A
Size: - Virtual size: 4.7MB

.MS1
Size: 4KB - Virtual size: 2KB

.RQs
Size: 7.6MB - Virtual size: 7.6MB

.rsrc
Size: 20KB - Virtual size: 19KB