a1825c22b78e1a866c82fd3a74846ed4

Sharing

Copy URL Twitter E-mail

General

Target

a1825c22b78e1a866c82fd3a74846ed4
Size

139KB
MD5

a1825c22b78e1a866c82fd3a74846ed4
SHA1

ec70f0ab0469e93da38f851c57cd85adabe2e006
SHA256

8ea6752246df96933135b3c95b73526caec955f742fa88464aa98188eb4a2700
SHA512

51ce67198eb7e45639b9633610718fb07b38625542ab055745ff4ec64510f8e267558b94d7a86f47153b92d2108625886b917a7e2f88ac579d96113bcab9c455
SSDEEP

3072:bv6gTPkzrJ9o1g7Ao4mRZ/R/Q/n8ea+bMc56QrOg9bwLq:egrCjRZJ/Q/Ajc56uOgdM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1825c22b78e1a866c82fd3a74846ed4

Files

a1825c22b78e1a866c82fd3a74846ed4
.exe windows:5 windows x86 arch:x86

6f1a1f66d458da03e1bd5ff0a4eda859

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
SetCurrentDirectoryA
MulDiv
GetFileAttributesA
GetVersionExW
GetStartupInfoA
GetCurrentDirectoryA
GetWindowsDirectoryA
DeleteFileW
GetEnvironmentVariableA
VirtualProtect

msvcrt

_XcptFilter
strchr
_umask
__set_app_type
_acmdln
wcstoul
_adjust_fdiv
wcscat
__p__fmode
exit
calloc
malloc
_osver
localtime
_controlfp
__setusermatherr
time
__p__commode
__getmainargs
getenv
log
_itoa
_initterm
_lseek
sqrt
_onexit
_unlink
_except_handler3
_kbhit

advapi32

RegOpenKeyW
SetSecurityDescriptorOwner
RegQueryInfoKeyW
AdjustTokenPrivileges

oleaut32

SafeArrayPtrOfIndex
SafeArrayRedim
SysReAllocStringLen
SetErrorInfo
SafeArrayGetElement
SysFreeString
VariantCopy
SysStringByteLen
GetActiveObject
SafeArrayUnaccessData
GetErrorInfo

gdi32

StretchDIBits
CreateBitmap
GetBkMode
CreatePenIndirect
SetWorldTransform
EnumEnhMetaFile
CombineRgn
GetBrushOrgEx
EndDoc

comctl32

ImageList_Create
DestroyPropertySheetPage
ImageList_Replace
ImageList_GetIconSize
PropertySheetA
ImageList_Destroy
InitializeFlatSB
ImageList_SetOverlayImage
CreateToolbarEx

ole32

CreateILockBytesOnHGlobal
CoGetInterfaceAndReleaseStream
CoUninitialize
CreateBindCtx
CoReleaseMarshalData
OleSetClipboard

shell32

SHGetDiskFreeSpaceExW
SHAppBarMessage
SHBrowseForFolderW
SHBrowseForFolder
SHCreateDirectoryExW
SHGetSettings
ExtractIconW
SHFileOperationA
SHAddToRecentDocs
SHFileOperationW
SHGetFolderPathW
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetFileInfo
CommandLineToArgvW
ShellExecuteW

user32

GetWindowRect
SetRect
GetClassInfoA
RemoveMenu
LoadStringA
GetIconInfo
GetMenu

version

VerLanguageNameA
GetFileVersionInfoA
VerFindFileW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f1a1f66d458da03e1bd5ff0a4eda859

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

gdi32

comctl32

ole32

shell32

user32

version

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 104KB - Virtual size: 103KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 104KB - Virtual size: 103KB