b67aa00158b2e734cadfcca2234d5a55

Sharing

Copy URL Twitter E-mail

General

Target

b67aa00158b2e734cadfcca2234d5a55
Size

539KB
MD5

b67aa00158b2e734cadfcca2234d5a55
SHA1

f7602d347684e018132e816f35af47a2c8e2cf68
SHA256

eb01904f4422baf7cc19275de37c8e727201d12c56954a4760db9bfeff4c3579
SHA512

a43968a495068769834d3e82fb69e620a99783f334087f4f88f9eb3eec87bad0332374f1481d6936d580cdd9ad26a450f0b2b71d718236b4553e7ae46f4aa787
SSDEEP

12288:cz502y3LWKYVsaosgcroDQ2bDvkLe97z:cTy3LWKYVszyrDEvk+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b67aa00158b2e734cadfcca2234d5a55

Files

b67aa00158b2e734cadfcca2234d5a55
.exe windows:4 windows x86 arch:x86

eaec03755ae1547331071bc344c6a74e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ierkeknu\buglemiss\ceruo.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

FreeEnvironmentStringsW
WritePrivateProfileStructW
UnhandledExceptionFilter
EnumSystemLocalesA
IsBadWritePtr
ExitProcess
LeaveCriticalSection
GetEnvironmentStringsW
GetStringTypeA
TerminateProcess
GetPrivateProfileSectionNamesW
SetFilePointer
LocalFileTimeToFileTime
TlsGetValue
InterlockedExchange
GetCurrentThread
WritePrivateProfileStringW
IsValidLocale
GetCurrentProcessId
WideCharToMultiByte
SetStdHandle
GetCurrentThreadId
SetEndOfFile
OpenMutexA
GetACP
GetVersionExA
GetLocaleInfoW
SetHandleCount
LCMapStringA
HeapDestroy
EnterCriticalSection
UnlockFile
ReadConsoleOutputCharacterW
FlushFileBuffers
MultiByteToWideChar
GetCPInfo
GetOEMCP
MapViewOfFileEx
GetStdHandle
FreeEnvironmentStringsA
IsValidCodePage
LoadLibraryA
GetTimeFormatA
InitializeCriticalSection
RtlUnwind
VirtualAlloc
VirtualFree
GetModuleHandleA
HeapFree
HeapReAlloc
GetModuleFileNameA
GlobalGetAtomNameW
DeleteCriticalSection
GetSystemTimeAsFileTime
ReadFile
GetPrivateProfileSectionNamesA
WriteFile
LCMapStringW
GetTickCount
EnumDateFormatsExW
HeapSize
GetProcAddress
GetFileType
GetProfileSectionW
GetEnvironmentStrings
GetLocaleInfoA
TlsFree
VirtualQuery
VirtualProtect
TlsAlloc
GetDateFormatA
GetCurrentProcess
GetCommandLineA
QueryPerformanceCounter
GetSystemInfo
CreateMutexA
TlsSetValue
CompareStringA
FillConsoleOutputCharacterA
GetUserDefaultLCID
CompareStringW
HeapCreate
GetStartupInfoA
GetTimeZoneInformation
GetLastError
HeapAlloc
SetEnvironmentVariableA
SetLastError
GetStringTypeW
CommConfigDialogW
CloseHandle

shell32

DragQueryFileAorW
DragFinish
RealShellExecuteA
ShellExecuteW
SheGetDirA

user32

IsIconic
GetComboBoxInfo
RegisterClassExW
LoadMenuA
RegisterClassExA
LookupIconIdFromDirectory
GetTopWindow
RegisterClassA
GetActiveWindow
SetMenuItemBitmaps
GetMessagePos
SetRect
EnableMenuItem
UnregisterClassA

gdi32

OffsetClipRgn
PlgBlt
PlayEnhMetaFile
SetTextJustification
GetMetaFileW
GdiGetBatchLimit
StartDocA
GetMapMode
SetViewportOrgEx
GetTextCharset
ScaleWindowExtEx

comdlg32

PrintDlgA
FindTextA
ChooseFontW
ChooseColorA

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaec03755ae1547331071bc344c6a74e

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

shell32

user32

gdi32

comdlg32

Sections

.text Size: 402KB - Virtual size: 401KB

.rdata Size: 21KB - Virtual size: 37KB

.data Size: 100KB - Virtual size: 99KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 402KB - Virtual size: 401KB

.rdata
Size: 21KB - Virtual size: 37KB

.data
Size: 100KB - Virtual size: 99KB

.rsrc
Size: 15KB - Virtual size: 15KB