b843cfcc982b265916baa01de2f4c79e

Sharing

Copy URL Twitter E-mail

General

Target

b843cfcc982b265916baa01de2f4c79e
Size

98KB
MD5

b843cfcc982b265916baa01de2f4c79e
SHA1

c138d288576f3955735ee4ffada962382e1c1051
SHA256

804f4bfb74e4fa773895a27cf4aab231fd20b4b7396477b2af1301ca3607053d
SHA512

acd58820f8515a015ec79f3d8111603034e9da24cbdf959033ef50c1e276e03d54a3a07c88e113b24932c79906c988b0ff39f40f2102638c9147482e34396d9d
SSDEEP

3072:5Ebnj1QFbWEjXWnMmrdaiSyZ1SaFW8jvSp:ebncbWELWmiSzwfjvSp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WINSCOPE.EXE

Files

b843cfcc982b265916baa01de2f4c79e
.zip
README.TXT
WINSCOPE.EXE
.exe windows:1 windows x86 arch:x86

4bcdf4923b415d979d9ee09a80a96307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetThreadPriority
lstrcatA
GetPrivateProfileStringA
SetHandleCount
RtlUnwind
GlobalAlloc
LeaveCriticalSection
GetModuleHandleA
WriteFile
GetStdHandle
GetProcAddress
SetConsoleCtrlHandler
GlobalLock
GetCurrentThread
CloseHandle
InitializeCriticalSection
GetCommandLineA
GetModuleFileNameA
GetWindowsDirectoryA
lstrcpyA
GetVersion
WritePrivateProfileStringA
GetStartupInfoA
UnhandledExceptionFilter
GlobalUnlock
SetFilePointer
GetPrivateProfileIntA
EnterCriticalSection
VirtualAlloc
VirtualFree
GlobalFree
RaiseException
GetCurrentThreadId
GlobalMemoryStatus
GetEnvironmentStrings
GetLocalTime
GlobalHandle
GetLastError
GetFileAttributesA
CreateFileA
GetFileType
ExitProcess
DeleteFileA
lstrcmpA

gdi32

Rectangle
PatBlt
MoveToEx
GetStockObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreatePen
TextOutA
SetTextColor
LineTo
SetPixel
SetBkColor
CreateFontA
SelectObject

user32

WinHelpA
TranslateMessage
ShowWindow
SetWindowTextA
SetDlgItemInt
SetCursor
SetClipboardData
ReleaseDC
RegisterClassA
PostQuitMessage
PostMessageA
OpenClipboard
MoveWindow
MessageBoxA
UpdateWindow
LoadIconA
LoadCursorA
KillTimer
GetWindowRect
GetSysColor
GetSubMenu
GetMessageA
GetMenu
GetDlgItemInt
GetDC
GetCursor
GetClientRect
InvalidateRect
EnumThreadWindows
EndPaint
EndDialog
LoadStringA
EmptyClipboard
DispatchMessageA
DialogBoxParamA
DestroyWindow
DefWindowProcA
CreateWindowExA
CloseClipboard
SendMessageA
CheckRadioButton
CheckMenuItem
CheckDlgButton
SetTimer
BeginPaint

comctl32

InitCommonControls
CreateToolbarEx

comdlg32

GetSaveFileNameA
CommDlgExtendedError
ChooseColorA

winmm

waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInGetErrorTextA
waveInClose
waveInAddBuffer

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WINSCOPE.HLP
winscope.GID

Sharing

General

Malware Config

Signatures

Files

4bcdf4923b415d979d9ee09a80a96307

Headers

File Characteristics

Imports

kernel32

gdi32

user32

comctl32

comdlg32

winmm

Exports

Exports

Sections

CODE Size: 61KB - Virtual size: 64KB

DATA Size: 9KB - Virtual size: 36KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 8KB

.rsrc Size: 16KB - Virtual size: 28KB

CODE
Size: 61KB - Virtual size: 64KB

DATA
Size: 9KB - Virtual size: 36KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 16KB - Virtual size: 28KB