a1d4a2dd76cf2fc22bf87415ea7a4dbe

Sharing

Copy URL Twitter E-mail

General

Target

a1d4a2dd76cf2fc22bf87415ea7a4dbe
Size

616KB
MD5

a1d4a2dd76cf2fc22bf87415ea7a4dbe
SHA1

0bb13955afc9221183a33da352a1c74b046f3065
SHA256

017fd90527fe54934dd48b9d2e2c95eae9a64649f038ef6e5cbebee81833802c
SHA512

7287e5c6e95faf82cbe057dcfe79816c029c442010f3dac00dca114a66260db1fea73f20adfda603993d0d18588d28a1f873b19ea4e539eaa2e42115d2bda866
SSDEEP

12288:l5l1dNt+y1OhUdypi+bD1KCQCiVADgBlcdr:l53bt+zhYyhD1KnCiWgjmr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1d4a2dd76cf2fc22bf87415ea7a4dbe

Files

a1d4a2dd76cf2fc22bf87415ea7a4dbe
.exe windows:4 windows x86 arch:x86

78aa27196919bdf13858fc89b5d88930

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ANH\NDOKXSYET\TJT\IOTLJ.PDB

Imports

comdlg32

ChooseColorW

kernel32

LocalReAlloc
TlsGetValue
HeapReAlloc
HeapSize
HeapFree
CompareStringW
ReleaseMutex
CompareStringA
OpenFile
CreateMutexA
FindAtomA
GetTimeFormatW
GetConsoleScreenBufferInfo
SetEnvironmentVariableA
FindResourceExA
IsBadWritePtr
GetPrivateProfileStructA
InterlockedExchange
FlushFileBuffers
GetCommandLineA
TerminateThread
HeapAlloc
DeleteCriticalSection
GetLocaleInfoA
VirtualQuery
CloseHandle
Sleep
SetVolumeLabelW
GetTempFileNameW
LeaveCriticalSection
ReadFile
EnumSystemLocalesA
GlobalReAlloc
FreeEnvironmentStringsW
RtlUnwind
FreeEnvironmentStringsA
GetStdHandle
CopyFileA
TerminateProcess
WideCharToMultiByte
GetStartupInfoA
TryEnterCriticalSection
EnterCriticalSection
GetProcAddress
OpenMutexW
LocalShrink
EnumResourceNamesA
CreateMailslotA
GetStringTypeW
OpenMutexA
GetStringTypeA
GetModuleFileNameW
GetTickCount
GetConsoleOutputCP
CreateNamedPipeA
GetEnvironmentStrings
GetACP
UnhandledExceptionFilter
VirtualProtect
GetLastError
IsValidLocale
GetCPInfo
GetLocaleInfoW
GetComputerNameW
InitializeCriticalSection
VirtualAllocEx
FileTimeToLocalFileTime
GetWindowsDirectoryA
CreateFileW
LCMapStringA
LoadLibraryA
GetCommandLineW
GetCurrentThread
LCMapStringW
VirtualFree
GetFileAttributesExW
SetHandleCount
WriteFile
SetLastError
GetCurrentProcessId
GetThreadTimes
TlsFree
GetVersionExA
SetEnvironmentVariableW
TlsSetValue
GetModuleHandleA
ReleaseSemaphore
RtlZeroMemory
TlsAlloc
InterlockedCompareExchange
GetSystemTimeAsFileTime
HeapDestroy
GetOEMCP
GetEnvironmentStringsW
CreateProcessA
GetCurrentProcess
OpenWaitableTimerA
ExitProcess
SetStdHandle
SetCurrentDirectoryW
WaitForDebugEvent
GetSystemInfo
GetFileType
GetStartupInfoW
SetLocaleInfoA
GetUserDefaultLCID
lstrlenA
SetFilePointer
MultiByteToWideChar
GetTimeFormatA
IsValidCodePage
GetCurrentThreadId
GetTimeZoneInformation
GetModuleFileNameA
VirtualAlloc
FoldStringA
QueryPerformanceCounter
HeapCreate
GetDateFormatA

comctl32

MakeDragList
ImageList_DrawIndirect
ImageList_ReplaceIcon
ImageList_DragMove
CreateMappedBitmap
CreatePropertySheetPage
CreateToolbarEx
ImageList_BeginDrag
ImageList_SetImageCount
DrawInsert
CreatePropertySheetPageW
CreateUpDownControl
InitMUILanguage
ImageList_GetIcon
DrawStatusText
ImageList_SetIconSize
ImageList_Read
InitCommonControlsEx
CreatePropertySheetPageA
ImageList_Remove
ImageList_Write
ImageList_Replace

user32

RegisterClassExA
GetDesktopWindow
GetDlgCtrlID
DrawStateA
DdeUnaccessData
GetThreadDesktop
DdeAbandonTransaction
SetDlgItemTextA
SetPropA
GetUserObjectInformationA
DefWindowProcW
MessageBoxExW
ReleaseDC
ImpersonateDdeClientWindow
CallWindowProcA
SetPropW
DefFrameProcW
EnumWindowStationsW
UnhookWindowsHookEx
DestroyWindow
MessageBoxA
CopyRect
GetKeyState
RegisterClassA
BroadcastSystemMessageW
IsZoomed
SetClassWord
ShowWindow
DdeFreeDataHandle
CreateWindowExW

gdi32

DeleteDC
CreateDIBPatternBrushPt
GetObjectType
CreateBrushIndirect
GetObjectW
GetDeviceCaps
CreateDCW
PlayEnhMetaFile
SelectObject
SetMetaFileBitsEx

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78aa27196919bdf13858fc89b5d88930

Headers

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

comctl32

user32

gdi32

Sections

.text Size: 172KB - Virtual size: 169KB

.rdata Size: 252KB - Virtual size: 248KB

.data Size: 112KB - Virtual size: 127KB

.rsrc Size: 76KB - Virtual size: 73KB

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 252KB - Virtual size: 248KB

.data
Size: 112KB - Virtual size: 127KB

.rsrc
Size: 76KB - Virtual size: 73KB