a986b961d61531637027da271113034b

Sharing

Copy URL

Twitter E-mail

General

Target

a986b961d61531637027da271113034b
Size

773KB
MD5

a986b961d61531637027da271113034b
SHA1

09427190f839d5cd6468e62985c6cd5f615be57d
SHA256

d278796d15b67f7ad9a39adf1f1602027a2425c421aadad3944140c844cea14a
SHA512

034669b897f14843fe2ccdda9e4b85068fff3082daa230a2814035524a2fe0924d32bfcf5c4546a449e8fb42e5a355966e443e3614cc4158b3f2049a2ad42f1b
SSDEEP

24576:7if6ncbM6dm7eCmtY22+cfeI+RFfFG0z:84eHWmnRFd3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a986b961d61531637027da271113034b

Files

a986b961d61531637027da271113034b
.exe windows:4 windows x86 arch:x86

30b6165c54f3cfbc5aaa8f007d32dbf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\estttfimv\msi.PDB

Imports

user32

ModifyMenuW
DefMDIChildProcW
MessageBoxA
MoveWindow
DefWindowProcW
DragObject
SetScrollPos
IsCharAlphaNumericW
DrawFrame
GrayStringW
DlgDirListW
UnhookWindowsHookEx
LoadAcceleratorsW
CreateMDIWindowA
DefMDIChildProcA
IsCharAlphaW
GetMonitorInfoW
SetClipboardViewer
SetWindowTextW
DestroyWindow
GetWindow
DdeAddData
CreateWindowStationA
GetDlgItemTextW
CreateIconIndirect
RegisterClassA
GetMenuInfo
RegisterClassW
GetWindowTextLengthW
RegisterClipboardFormatA
SetMenuContextHelpId
GetMessagePos
RealChildWindowFromPoint
PtInRect
ShowWindowAsync
CallMsgFilterA
LoadMenuA
GetCursorInfo
TrackMouseEvent
CreateWindowExA
SendMessageTimeoutW
ValidateRect
ShowWindow
GetMenuContextHelpId
GetKeyboardLayoutNameA
OpenIcon
GetMenuItemInfoW
GetMenu
GetMessageW
GetSysColorBrush
GetOpenClipboardWindow
GetMenuStringA
SetActiveWindow
GetClipboardFormatNameW
SendMessageTimeoutA
CharLowerA
TileWindows
SetMenu
GetCaretBlinkTime
WindowFromPoint
CallMsgFilterW
SetProcessWindowStation
WaitForInputIdle
GetClipCursor
UnhookWinEvent
EditWndProc
RegisterClassExA
RedrawWindow
CheckMenuItem

kernel32

TerminateProcess
GetUserDefaultLCID
CompareStringW
GetOEMCP
GetCurrentThreadId
GetTimeZoneInformation
GetSystemDefaultLangID
SetCurrentDirectoryA
GetTempPathW
GetTimeFormatA
IsDebuggerPresent
GetNumberFormatA
CopyFileExA
LCMapStringA
GetShortPathNameW
GlobalFree
GetStartupInfoW
CompareStringA
SetConsoleCP
EnumSystemLocalesA
TransmitCommChar
GetSystemTimeAdjustment
GetConsoleMode
WriteConsoleInputA
TlsAlloc
HeapDestroy
GetModuleHandleA
ExpandEnvironmentStringsA
FlushInstructionCache
UnlockFile
InterlockedExchange
GetCurrentThread
GetStdHandle
MoveFileExA
GetCurrentProcess
HeapAlloc
FreeEnvironmentStringsW
OutputDebugStringA
InterlockedDecrement
LocalReAlloc
EnumResourceTypesW
GetSystemTimeAsFileTime
GlobalFix
lstrcpyW
SetEnvironmentVariableW
GetConsoleOutputCP
WriteConsoleW
GetModuleFileNameW
GetTickCount
GetEnvironmentStringsW
CreateFileMappingA
SetEnvironmentVariableA
OpenFileMappingA
OpenSemaphoreA
FindFirstFileW
LoadLibraryW
InitializeCriticalSection
HeapLock
LeaveCriticalSection
SetVolumeLabelW
GetCurrentProcessId
EnumTimeFormatsW
SetHandleCount
VirtualFree
GetLocaleInfoW
GetCommandLineA
LoadLibraryA
lstrcmpi
HeapSize
RaiseException
SetLastError
QueryPerformanceCounter
GetCPInfo
DeleteCriticalSection
VirtualAlloc
GetConsoleCP
HeapReAlloc
ExitProcess
LCMapStringW
ReadFile
WritePrivateProfileStructA
IsValidLocale
GetProcAddress
LocalHandle
SetTimeZoneInformation
EnterCriticalSection
VirtualProtectEx
CreateMutexA
CreateToolhelp32Snapshot
CloseHandle
SetFilePointer
SleepEx
FlushFileBuffers
HeapFree
UnlockFileEx
SetUnhandledExceptionFilter
MultiByteToWideChar
DeleteAtom
WriteConsoleA
TlsGetValue
CreateFileA
UnhandledExceptionFilter
SetFileTime
GetVersionExA
GetStringTypeA
CompareFileTime
IsValidCodePage
GetThreadPriority
DebugBreak
SetStdHandle
GetProfileSectionW
lstrcatA
OutputDebugStringW
GetLogicalDriveStringsW
RtlUnwind
GetFileAttributesExA
InterlockedIncrement
GetStringTypeW
TlsSetValue
GetDateFormatA
ResumeThread
HeapValidate
FindNextFileW
VirtualAllocEx
IsBadReadPtr
VirtualQuery
TlsFree
FreeLibrary
GetProfileStringA
CreateNamedPipeW
CreateProcessW
HeapCreate
GetCommandLineW
SetThreadPriority
GetModuleFileNameA
GetSystemInfo
lstrlenA
GetACP
GetNamedPipeHandleStateW
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
GetFileType
OpenMutexA
FreeEnvironmentStringsA
GetLocaleInfoA
WriteFile
SetConsoleCtrlHandler
GetLastError
ReadConsoleOutputAttribute
GetDateFormatW
GetDiskFreeSpaceA
SetThreadIdealProcessor
FillConsoleOutputAttribute
GetProcessHeap
FindResourceA

comctl32

ImageList_EndDrag
CreatePropertySheetPageW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
MakeDragList
ImageList_Destroy
ImageList_GetImageRect
CreateStatusWindow
ImageList_DragLeave

shell32

DragQueryFileW
SHGetDataFromIDListA
SHInvokePrinterCommandW

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30b6165c54f3cfbc5aaa8f007d32dbf6

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

shell32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 288KB - Virtual size: 287KB

.data Size: 115KB - Virtual size: 120KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 288KB - Virtual size: 287KB

.data
Size: 115KB - Virtual size: 120KB

.rsrc
Size: 9KB - Virtual size: 8KB