ab5182548260e14048db141ea3bee740

Sharing

Copy URL

Twitter E-mail

General

Target

ab5182548260e14048db141ea3bee740
Size

680KB
MD5

ab5182548260e14048db141ea3bee740
SHA1

dce9f1fcb2b4ce8b890a242e91cd9aea7514ff87
SHA256

1bd9d0a3eba6c202eac09d0e860d24baf43dd45e174d303389afd2bd512749a7
SHA512

64a3b44653d3e1da1b352bdb4ad4bfc11102bcd7c9cd657de52a56d378cb913da103750fb622cdc76beb47a0ba6280e192ad8ea9776a13cc6b99ab4be63010b6
SSDEEP

12288:DQ1/1P91LX1Ez1ApS1U31t1ts0nNKBgBY:De6WpdQ0nNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab5182548260e14048db141ea3bee740

Files

ab5182548260e14048db141ea3bee740
.exe windows:5 windows x86 arch:x86

b45ad8a48ec95a0f3275370ec78500ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmMetrics

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
memset
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__setusermatherr

msimg32

TransparentBlt

version

VerQueryValueA

kernel32

GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetErrorMode
GetCommandLineA
LoadLibraryA
GetStartupInfoA
GetModuleHandleA
ExitProcess
CompareStringW
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateThread
IsValidCodePage
InitializeCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection

user32

BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
ChangeClipboardChain
CharLowerA
CharLowerBuffA
EndPaint
EmptyClipboard

winspool.drv

EnumPrintersA
OpenPrinterA

advapi32

GetTokenInformation
IsValidSid
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegSetValueExA
RegQueryValueExA

oleaut32

VariantClear
VariantChangeType
UnRegisterTypeLi
SysFreeString
SysAllocStringLen
SetErrorInfo
SafeArrayUnaccessData
SafeArrayRedim
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayDestroyDescriptor
SafeArrayDestroy
VariantCopyInd
VariantInit
LoadTypeLi
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayCreate
SysReAllocStringLen

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifx
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b45ad8a48ec95a0f3275370ec78500ba

Headers

File Characteristics

Imports

msacm32

msvcrt

msimg32

version

kernel32

user32

winspool.drv

advapi32

oleaut32

Sections

.text Size: 424KB - Virtual size: 422KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 648B

.ifx Size: 4KB - Virtual size: 3KB

.rsrc Size: 236KB - Virtual size: 233KB

.text
Size: 424KB - Virtual size: 422KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 648B

.ifx
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 236KB - Virtual size: 233KB