aa37cb130f6ca1126efd376ac205ff6e

Sharing

Copy URL

Twitter E-mail

General

Target

aa37cb130f6ca1126efd376ac205ff6e
Size

418KB
MD5

aa37cb130f6ca1126efd376ac205ff6e
SHA1

010216f9e0742bbb114cbcb3fec48f53adf15f06
SHA256

00139474af83b7ee1e52d12becf962c33be81ef2f514148043a1ae7a5b39fbee
SHA512

d7b69fa8d48af5ffc3e53888e2e2e7bc6a65dffd2f8c4413eff3baa14aa89d05003f0529ca4db24a320c003af5230b053f389405ab4bcab63a311edd27fd3a5d
SSDEEP

12288:u021Ydqt47uhUpZnN9jJvLroc5/JPyi05HrWdWp:yA7u6FBJTcIJKi0sY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa37cb130f6ca1126efd376ac205ff6e

Files

aa37cb130f6ca1126efd376ac205ff6e
.exe windows:4 windows x86 arch:x86

ad7daf22a5cbdc7d0cdf45ecda0b0734

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

FindTextW
GetSaveFileNameA
FindTextA

shell32

SHFileOperationW
SHGetSpecialFolderLocation
SHGetInstanceExplorer

advapi32

GetUserNameA
RegSaveKeyA
RegCreateKeyExA
RegEnumKeyExW
CryptDecrypt
RegQueryInfoKeyW
RegCloseKey
CryptDuplicateHash
RegSetValueW
RegCreateKeyW
AbortSystemShutdownA
RegQueryMultipleValuesW
CryptImportKey
GetUserNameW
RegQueryMultipleValuesA
CryptSignHashW

gdi32

GetMapMode
GetPaletteEntries
GetEnhMetaFileA
SetEnhMetaFileBits
CreateRectRgnIndirect
CheckColorsInGamut
GetCharWidth32A
ExtEscape

kernel32

WriteFile
GetTickCount
MultiByteToWideChar
GetStdHandle
IsBadWritePtr
GetOEMCP
UnlockFileEx
GetStartupInfoW
GetModuleFileNameA
GetLocaleInfoA
LCMapStringA
GetFileType
GetUserDefaultLCID
CompareStringA
SetLastError
GetCurrentThreadId
GetModuleFileNameW
GetLastError
FoldStringA
TlsFree
EnterCriticalSection
HeapFree
GetCommandLineA
HeapReAlloc
lstrcmpiW
GetProcAddress
GetTimeZoneInformation
GetDateFormatA
GetCurrentThread
LCMapStringW
GetCPInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualAlloc
CompareStringW
VirtualFree
SetEnvironmentVariableA
GetCurrentProcess
GetModuleHandleA
TlsSetValue
GetCommandLineW
LoadLibraryA
WideCharToMultiByte
TerminateProcess
GetSystemTimeAsFileTime
GetACP
ExitProcess
GetEnvironmentStrings
DeleteCriticalSection
GetSystemInfo
GetVersionExA
EnumSystemLocalesA
InitializeCriticalSection
HeapDestroy
LockResource
GetStringTypeA
VirtualQuery
GetCurrentProcessId
GetLocaleInfoW
GetStringTypeW
VirtualProtect
GetTimeFormatA
FreeEnvironmentStringsA
QueryPerformanceCounter
HeapAlloc
RtlUnwind
GetStartupInfoA
HeapCreate
TlsAlloc
SetHandleCount
IsValidLocale
LeaveCriticalSection
InterlockedExchange
IsValidCodePage
UnhandledExceptionFilter
TlsGetValue
HeapSize

wininet

InternetGetConnectedStateExW
GopherOpenFileW
FtpDeleteFileA
HttpEndRequestA

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7daf22a5cbdc7d0cdf45ecda0b0734

Headers

File Characteristics

Imports

comdlg32

shell32

advapi32

gdi32

kernel32

wininet

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 7KB - Virtual size: 38KB

.data Size: 278KB - Virtual size: 277KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 7KB - Virtual size: 38KB

.data
Size: 278KB - Virtual size: 277KB

.rsrc
Size: 3KB - Virtual size: 3KB