ad6f5dc7467ff5589b4181a0ef0c660d

Sharing

Copy URL Twitter E-mail

General

Target

ad6f5dc7467ff5589b4181a0ef0c660d
Size

166KB
MD5

ad6f5dc7467ff5589b4181a0ef0c660d
SHA1

ae533377473c228b39eb0246758f41c7a74d185c
SHA256

ae72d3216de390257d12f74fcbb80415be5f7a9539ffb3331414f4ca6aca1a30
SHA512

197998b6f4627159912b0a6ec65711702c08be829c67e2d63615a57721ea385d48f7189bf799dc2c71cf5be0cb7c14abd197033d0dbd1f2e4b80b43760a3d4a3
SSDEEP

3072:yyeUmz/mdC8Ged29SzlNCd9W4Xnlf3thfvx1i7p5HsoO6xKgXv+T:ixyU8Ged2St4Xnlf3tZi1Wua

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad6f5dc7467ff5589b4181a0ef0c660d

Files

ad6f5dc7467ff5589b4181a0ef0c660d
.exe windows:4 windows x86 arch:x86

2a89e1ab7cccb4717623c383442f305b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathRenameExtensionW
PathIsDirectoryW
PathCombineW
PathAppendW
PathRemoveBackslashW
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyW
RegSetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyA

kernel32

CloseHandle
CreateFileA
InterlockedDecrement
GetVersionExW
SetFilePointer
GetModuleFileNameW
WaitForMultipleObjects
MulDiv
OutputDebugStringW
CreateDirectoryW
CreateDirectoryA
InitializeCriticalSection
DeleteFileW
FindFirstFileW
FindNextFileW
EnterCriticalSection
FindClose
RemoveDirectoryW
SetFileAttributesW
CopyFileA
GetPriorityClass
GetTickCount
ReadFile
CreateMutexA
InterlockedIncrement
GetCurrentProcessId
GetThreadLocale
ReleaseMutex
LocalFree
GetVersionExA
OutputDebugStringA
GetSystemTime
lstrlenA
FreeLibrary
SetFileAttributesA
GetTempFileNameW
EnumResourceTypesW
LeaveCriticalSection
LocalAlloc
GetFileAttributesA
GetProcAddress
GetCurrentThreadId
GetTempFileNameA
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetTempPathW
LoadLibraryW
ExitProcess
DeleteFileA
WriteFile
GetModuleFileNameA
GetTempPathA
lstrlenW
MultiByteToWideChar
InterlockedExchange
DeleteCriticalSection
GetLastError
WaitForSingleObject
GetACP
WideCharToMultiByte
GetLocaleInfoA
GetSystemTimeAsFileTime

user32

TranslateMessage
IsRectEmpty
GetDC
PeekMessageW
CopyRect
OffsetRect
ReleaseDC
wsprintfW
GetClientRect
SetRectEmpty
DispatchMessageW
FillRect
GetWindowRect

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
CreateBitmap
GetObjectW
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
CreateDCW
SetBrushOrgEx
GetObjectType
CreateDIBSection
GetDIBits
SetBkColor
SelectObject
StretchBlt
SetStretchBltMode

ole32

StringFromGUID2
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a89e1ab7cccb4717623c383442f305b

Headers

File Characteristics

Imports

shlwapi

advapi32

kernel32

user32

gdi32

ole32

winmm

avifil32

shell32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 62KB - Virtual size: 62KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 62KB - Virtual size: 62KB

.tls
Size: 1024B - Virtual size: 104KB