a1db1e2aa43b535f6c02149780c005bd

Sharing

Copy URL Twitter E-mail

General

Target

a1db1e2aa43b535f6c02149780c005bd
Size

110KB
MD5

a1db1e2aa43b535f6c02149780c005bd
SHA1

f6ed1e08bc8ab0ff45c57aa5cc987f80b9e29941
SHA256

f0034ce76e3a6058f58f61dd438911873b22c9125c74ee5d0963067786991b0b
SHA512

30eb020cae21d3de907c8fc87a23f001e4ed2dab20b5bd01e9d0f787bcda1f14d2ea369ffdc0c654ac4980aadbad1753450fea042611fa4cd7f9415887a56a63
SSDEEP

3072:waitwcVX69DaLxeu2jeKmakKq7ymV8Y4:wO069uL4Vmjy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1db1e2aa43b535f6c02149780c005bd

Files

a1db1e2aa43b535f6c02149780c005bd
.exe windows:4 windows x86 arch:x86

0af4ebad5c42dcbc88f3aea527e03647

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowLongW
BeginPaint
SetDlgItemTextW
LoadStringW
LoadIconW
GetWindowDC
GetDlgItem
GetParent
SendMessageW
MessageBoxW
EndPaint
LoadBitmapW
PostMessageW
ReleaseDC
SetWindowLongW
DestroyWindow
SetWindowPos
DefWindowProcW

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW

kernel32

CancelWaitableTimer
GetOEMCP
FreeEnvironmentStringsW
GetModuleHandleA
IsValidCodePage
RtlUnwind
GetFileType
GetACP
GetTickCount
QueryPerformanceCounter
HeapFree
OpenProcess
GetModuleFileNameA
ReadFile
GetCurrentThreadId
TlsFree
GetProcessHeap
HeapAlloc
GetVersionExA
SetHandleCount
GetStdHandle
IsDebuggerPresent
GetCPInfo
HeapCreate
InterlockedIncrement
FreeEnvironmentStringsA
ExitProcess
GetCurrentProcess
ExitProcess
FlushFileBuffers
VirtualFree
SetLastError
TerminateProcess
GetCommandLineA
UnhandledExceptionFilter
LoadLibraryW
HeapDestroy
TlsGetValue
GetEnvironmentStringsW
TlsAlloc
DeleteCriticalSection
RaiseException
GetStartupInfoA
TlsSetValue
GetEnvironmentStrings
SetUnhandledExceptionFilter
GetFileAttributesW
WideCharToMultiByte

ole32

CoUninitialize
CoCreateInstance
CoInitialize

gdi32

CreateSolidBrush
GetObjectW
SetBkColor
GetDeviceCaps
DeleteObject
CreateFontIndirectW
SetBkMode

oleacc

CreateStdAccessibleObject

crypt32

CryptDecodeObject
CertFreeCertificateContext
CryptMsgGetParam
CertEnumSystemStoreLocation
CryptMsgClose
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0af4ebad5c42dcbc88f3aea527e03647

Headers

File Characteristics

Imports

user32

shell32

kernel32

ole32

gdi32

oleacc

crypt32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 33KB - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 68KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 68KB