a440c52c6d3c9575b0157f2ceec22ec6

Sharing

Copy URL Twitter E-mail

General

Target

a440c52c6d3c9575b0157f2ceec22ec6
Size

140KB
MD5

a440c52c6d3c9575b0157f2ceec22ec6
SHA1

44b3bdfe64271847a48297ade52be2b7d0747dd7
SHA256

67f28b32af604d8d8bf51f6317d2583223bcea76432d9a13066525a8d53fecd7
SHA512

c97e4d79321474edf284934cef47b5caaff529bf15426755b0b2a74d387f172535cce3ae2edb2d7b0c0fe6a3e0710c6ee731b3ece5734605e806c4bb153ca95b
SSDEEP

3072:3OIfZQzLAzCgYRdJs4f+96utUlH0TWIof3wt1DEguov15U:RU1dJz+2lUTWIL1D3uY1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a440c52c6d3c9575b0157f2ceec22ec6

Files

a440c52c6d3c9575b0157f2ceec22ec6
.exe windows:4 windows x86 arch:x86

97deadcae4c88d1cd9376b302e9f31bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLocalTime
GetPrivateProfileStringA
SetFileTime
SetThreadLocale
VirtualProtect
lstrlenA
GetStringTypeW
GetStartupInfoA
Sleep
DuplicateHandle
CreateDirectoryA
GetModuleHandleA

msvcrt

__set_app_type
strncat
_acmdln
_adjust_fdiv
_umask
__pioinfo
_purecall
__setusermatherr
_controlfp
atol
__getmainargs
__p__commode
_stricmp
_except_handler3
__dllonexit
_lock
__p__fmode
log10
free
_initterm
_XcptFilter
exit
_wcsicmp

user32

TranslateMessage
DestroyWindow
CreateWindowExA
MessageBeep
DrawIcon
EnumThreadWindows
DrawIconEx
DefWindowProcA
IsDialogMessageA
LoadIconA
PtInRect
GetMenuItemID

advapi32

RegEnumKeyExW
RegOpenKeyW
RegQueryInfoKeyW
QueryServiceStatus
CryptDestroyHash
GetTokenInformation
RegDeleteKeyA
LookupPrivilegeValueW
RegOpenKeyExA
DeregisterEventSource
OpenServiceW
RegOpenKeyExW
OpenSCManagerW

ole32

OleRun
CLSIDFromProgID
DoDragDrop
IIDFromString
CoInitializeEx
CreateILockBytesOnHGlobal
PropVariantClear
CoDisconnectObject
CoTaskMemRealloc
OleDraw
CLSIDFromString

gdi32

TranslateCharsetInfo
RealizePalette
ExtCreateRegion
GetTextExtentPointW
RoundRect
SelectPalette

version

GetFileVersionInfoA
VerQueryValueW
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerLanguageNameA
GetFileVersionInfoSizeW
VerFindFileW
VerInstallFileW

shell32

DoEnvironmentSubstW
SHGetDiskFreeSpaceExW
DragQueryFile
SHGetFileInfo
SHAddToRecentDocs
SHAppBarMessage

oleaut32

SysAllocStringLen
VariantCopy
GetErrorInfo
SafeArrayPtrOfIndex
SysStringByteLen
VariantClear

comctl32

ImageList_Create
ImageList_BeginDrag
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_SetIconSize
InitCommonControls
ImageList_Destroy
CreatePropertySheetPageW
ImageList_DrawEx
InitializeFlatSB
ImageList_DragLeave

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97deadcae4c88d1cd9376b302e9f31bf

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

ole32

gdi32

version

shell32

oleaut32

comctl32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 39KB

.rsrc Size: 102KB - Virtual size: 102KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 39KB

.rsrc
Size: 102KB - Virtual size: 102KB