ba3fa774bb64420c7c98bfca73e5df32

Sharing

Copy URL Twitter E-mail

General

Target

ba3fa774bb64420c7c98bfca73e5df32
Size

102KB
MD5

ba3fa774bb64420c7c98bfca73e5df32
SHA1

02d2b86b9813404ba324079dc1674f4a27f9e26d
SHA256

d3ae0f771b3a936d70fa42322d767288aad924e1ff64766236c31f00ecc69397
SHA512

d80802ad1280db1ad98587bb0fc1e268e0914f5c0726fef991bdab3a5b77c004993500049f43b51d3c439bc4d592563b6a34359b05c5176b515d54bb381e6854
SSDEEP

3072:bZzSm5LB1kmo9w9IYEGaLK3LvQAdo1Kvtotne:bZf5gs9IzvAIeosuE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba3fa774bb64420c7c98bfca73e5df32

Files

ba3fa774bb64420c7c98bfca73e5df32
.exe windows:5 windows x86 arch:x86

54e53e8968055db67daa08846391a21e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetCurrentObject
GetLayout
SetLayout
CreateCompatibleBitmap
DeleteDC
AngleArc
GetWindowOrgEx
Ellipse
CreateCompatibleDC
PolyBezierTo
Arc
CreateRoundRectRgn
GetDIBits
SetViewportOrgEx
GetStockObject
CreateBrushIndirect
DeleteMetaFile
LPtoDP
TextOutW
GetBrushOrgEx
BitBlt

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GlobalHandle
ExpandEnvironmentStringsA
HeapReAlloc
GetModuleHandleW
VirtualAlloc
FindResourceA
ExitProcess
GetStartupInfoA
InterlockedCompareExchange
IsValidCodePage
CreateFileMappingA
GetCPInfo
SuspendThread
GetCurrentThread
SetLastError
lstrcmpW
CompareStringA
GetProcessHeap
HeapAlloc
GetLocaleInfoA

advapi32

RegDeleteValueA
RegCloseKey
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
UnlockServiceDatabase
RegOpenKeyW
RegCreateKeyExA
AllocateAndInitializeSid
RegCreateKeyW
RegCreateKeyExW
RegEnumValueW
EnumServicesStatusExA
EqualSid
RegQueryValueW
RegEnumValueA
ChangeServiceConfigA
RegOpenKeyExA
RegQueryInfoKeyW
CloseServiceHandle
RegEnumKeyExA
LookupAccountSidW
InitializeAcl
RegQueryValueExW
ChangeServiceConfig2A
RegQueryValueExA
FreeSid
InitializeSecurityDescriptor
LockServiceDatabase

msvcrt

_sopen
_beginthread
wcscat
fread
_itoa
_read
_mbsnbcpy
_onexit
__setusermatherr
wcslen
iswalpha
_strdup
localtime
_wcsicmp
strtol
printf
gmtime
strstr
ctime
isxdigit
bsearch
_wgetenv
_adjust_fdiv
_makepath
_memicmp
sscanf
??2@YAPAXI@Z
_snwprintf
_strnicmp
exit

comctl32

PropertySheetW
PropertySheetA
ImageList_Destroy

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e53e8968055db67daa08846391a21e

Headers

File Characteristics

Imports

gdi32

version

kernel32

advapi32

msvcrt

comctl32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 34KB - Virtual size: 78KB

.idata Size: 12KB - Virtual size: 31KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 34KB - Virtual size: 78KB

.idata
Size: 12KB - Virtual size: 31KB

.rsrc
Size: 20KB - Virtual size: 19KB