ab0d6fbf8b6fd2a378ed6b67d99b78e7

General

Target

ab0d6fbf8b6fd2a378ed6b67d99b78e7
Size

220KB
MD5

ab0d6fbf8b6fd2a378ed6b67d99b78e7
SHA1

e0c77dbb91c4910d048f9260b59c71d3be4fe21b
SHA256

f39b46b618735c123558c0a78979f664c8f070704c71126fe6a4a43b0c8728d0
SHA512

3451a2a261e8237ce29121bae64ca9a7ac3a1cfbc178a9c8e3bc38855b497ca8dc9052ba67150d55b592641642189cb376d12090c1f17178c149fbdfdc19b9af
SSDEEP

6144:Er22XUi/ueepX3g0tJljQOfMfZSsB3fKoDSCS:Er28Ui/RepX39JcZJ3yFCS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab0d6fbf8b6fd2a378ed6b67d99b78e7

Files

ab0d6fbf8b6fd2a378ed6b67d99b78e7
.exe windows:4 windows x86 arch:x86

b6e66e04fb64a7c30c5fbd0caae16a92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
GetLastError
OpenFileMappingA
VirtualUnlock
Sleep
VirtualAlloc
VirtualProtect
GetExitCodeThread
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcess
TlsGetValue
ResetEvent
GetCurrentProcessId
VirtualAllocEx
GetExitCodeProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
ReleaseSemaphore
GetOEMCP
GetACP
GetSystemInfo
HeapFree
HeapCreate
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy

user32

GetWindow
IsChild
IsIconic
GetClientRect
CloseWindow
SendMessageA
LoadIconA
LoadCursorA
GetDesktopWindow
GetDC
GetCursorPos
DestroyWindow
SetTimer
ReleaseDC
InSendMessage
CreateWindowExA

gdi32

CreateHatchBrush

psapi

EmptyWorkingSet

msvfw32

DrawDibRealize
DrawDibStart

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6e66e04fb64a7c30c5fbd0caae16a92

Headers

File Characteristics

Imports

kernel32

user32

gdi32

psapi

msvfw32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 48KB - Virtual size: 45KB

.rsrc Size: 140KB - Virtual size: 139KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 48KB - Virtual size: 45KB

.rsrc
Size: 140KB - Virtual size: 139KB