a127ff060746ae559c5325aa8ac34625

Sharing

Copy URL

Twitter E-mail

General

Target

a127ff060746ae559c5325aa8ac34625
Size

192KB
MD5

a127ff060746ae559c5325aa8ac34625
SHA1

57d0264575130b63161c6db6b0cd9ad331885fbf
SHA256

cabf59797b8c22d408bfe3dc477f1b94326da6fae5b8799d432168b53bbb416f
SHA512

8c1ccddf9d1c6ce59cbfec51dfdb2e7b4d8f4781b80a02275ed31d63463394d03fdfbacbc466ddb8f15c4b1fe250820f23a19ccb408062ce002efcdf1552990d
SSDEEP

3072:af4x4PHwcihag2Hfwn0I8OBoKiKwEbNnYBfzJ1/WsYtxt8Wj84mcW8+c:pOPHwcihag2/WZ8qbjXNYBrfO5xt8WwD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a127ff060746ae559c5325aa8ac34625

Files

a127ff060746ae559c5325aa8ac34625
.exe windows:3 windows x86 arch:x86

cb189dbec23c8e7a8a2cee7339ff1bed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comctl32

ImageList_AddMasked
ImageList_GetImageCount
DestroyPropertySheetPage

ntdll

iswctype
towupper
wcscspn

setupapi

SetupGetIntField
SetupFindNextLine

shell32

SHGetMalloc

netapi32

NetApiBufferFree
NetWkstaGetInfo

kernel32

OpenMutexA
BackupWrite
GetSystemTimeAsFileTime
CloseHandle
VirtualAlloc
GetProcessHeap
GetCurrentProcessId
ReadFile
Sleep
GetModuleHandleA
DeviceIoControl
UnhandledExceptionFilter
HeapFree
WriteTapemark
ReleaseMutex
SystemTimeToTzSpecificLocalTime
CreateMutexA
HeapAlloc
SetLastError
FindVolumeMountPointClose
SystemTimeToFileTime
GetLastError
HeapQueryInformation
LockFile
GetVersion
GetCurrentDirectoryA
TerminateProcess
GetExitCodeThread
GetFileInformationByHandle
LocalFree

gdi32

BitBlt
SelectObject
CreateBitmap
PatBlt
CombineRgn
GetMapMode

ole32

CoInitializeSecurity
CoTaskMemFree
CoCreateGuid

user32

RegisterClassExA
UnhookWindowsHookEx
GetParent
ExitWindowsEx
TranslateMessage
SetParent
GetMenuItemCount
DrawFocusRect
GetMessageA
GetSubMenu
CreateIconFromResource
SetCursor
DeleteMenu
ScreenToClient
WindowFromPoint
RemoveMenu
GetDlgItem
InvalidateRect
DispatchMessageA
GetSystemMetrics
SetWindowPos
DefWindowProcA
ClientToScreen
GetWindowThreadProcessId
DestroyWindow
SendMessageA
GetIconInfo
ShowWindow
CreateWindowExA
GetClientRect
UpdateWindow
GetMenuItemID

advapi32

FreeSid
AddAccessAllowedAce
RegCloseKey
DeleteAce
OpenThreadToken
WriteEncryptedFileRaw
ControlService
EqualSid

msvcrt

__set_app_type
_initterm
_wcsnicmp
_except_handler3
_putenv
wcsncmp
_local_unwind2
_c_exit
wprintf
_CxxThrowException
_open_osfhandle
wcsncpy
_ftol
time
__setusermatherr
_purecall
_getpid
wcsstr
_XcptFilter
localtime
_mbslen
swscanf
__wgetmainargs
realloc
clearerr
__p__commode
wcspbrk
_tzset

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb189dbec23c8e7a8a2cee7339ff1bed

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ntdll

setupapi

shell32

netapi32

kernel32

gdi32

ole32

user32

advapi32

msvcrt

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 26KB - Virtual size: 25KB

.rsrc Size: 105KB - Virtual size: 108KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 105KB - Virtual size: 108KB

.reloc
Size: 512B - Virtual size: 4KB