ba9642a7c6a914e98df011497fb24186

Sharing

Copy URL Twitter E-mail

General

Target

ba9642a7c6a914e98df011497fb24186
Size

628KB
MD5

ba9642a7c6a914e98df011497fb24186
SHA1

7e103d98cd9d84a0d9adb3bafae376df2341dacc
SHA256

e0731ca6b3ebdf51c1b97e7629be403366e78c8797aba24aaeca7771901f49d2
SHA512

03639c02ec4b5ee1be2cc2518f277dab5f00ad1bcaabe87f6b3a06cd57e7e650487733be66c79bbb13063142c3220b239988450251b0ea98e7f09b881f4495ec
SSDEEP

12288:r6rlF5cdzt4ZukO9KLhjNux1tTp/oLajR0sA:r6rlFasZz9Zux1Fpwq/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba9642a7c6a914e98df011497fb24186

Files

ba9642a7c6a914e98df011497fb24186
.exe windows:4 windows x86 arch:x86

8876f40223646c1c21e094f4d28f2969

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationW
SHGetFileInfoA

comdlg32

GetOpenFileNameW
PrintDlgA

user32

DestroyAcceleratorTable
LookupIconIdFromDirectoryEx
GetKeyNameTextA
DeferWindowPos
RegisterClassA
SetTimer
AnimateWindow
SetClipboardData
MessageBoxA
EnumPropsExA
CreateDesktopA
SetProcessDefaultLayout
RegisterClassExA
MessageBoxW
DdeCmpStringHandles
DestroyWindow
LoadStringW
DlgDirSelectComboBoxExA
PostMessageA
GetClipboardData
IsCharLowerA
GetUpdateRgn
GetMessageExtraInfo
TranslateAcceleratorW
UnionRect
RemovePropA
GetActiveWindow
ShowWindow
WINNLSGetEnableStatus
SetFocus
SetPropA
MapVirtualKeyExA
DefWindowProcW
ReplyMessage
DrawStateA
EnumThreadWindows
ToUnicode
GetCursorPos
CreateWindowExW
DdeKeepStringHandle
GetDlgItem
AdjustWindowRect
DialogBoxIndirectParamA
InSendMessage
EnumPropsExW
GetWindowDC
LoadAcceleratorsW
FindWindowW
SetForegroundWindow
GetClipboardSequenceNumber
SetWindowPos
SubtractRect
GetMenuStringW
UnhookWindowsHookEx
SendDlgItemMessageA
DrawTextW
TranslateMDISysAccel

advapi32

CryptGetDefaultProviderW
RegOpenKeyA
CryptAcquireContextW
LookupPrivilegeDisplayNameW
RegDeleteKeyW
LookupSecurityDescriptorPartsA
CryptExportKey
CryptSignHashA
LookupAccountSidW
RegSetValueW
LogonUserW
CryptDuplicateKey
CryptGetProvParam
AbortSystemShutdownA
RegSaveKeyA
RevertToSelf
RegQueryValueExW
CryptReleaseContext
RegDeleteValueA
RegSetValueExA
RegSaveKeyW
LookupPrivilegeDisplayNameA

kernel32

GetEnvironmentStrings
GetTimeFormatA
GetSystemInfo
SetLastError
CreateMutexA
IsValidLocale
SetEnvironmentVariableA
CloseHandle
VirtualFree
GetStringTypeW
FreeEnvironmentStringsA
GetCurrentProcess
OpenSemaphoreW
GetCurrentProcessId
OpenMutexA
GetTempFileNameW
GetACP
GetLocaleInfoA
GetCommandLineA
LocalShrink
TlsGetValue
IsBadWritePtr
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
VirtualProtect
CompareStringA
lstrcatA
EnumSystemLocalesA
FindNextFileA
SetConsoleOutputCP
WriteConsoleOutputW
ReadFile
VirtualLock
UnhandledExceptionFilter
RtlUnwind
SetStdHandle
GetEnvironmentStringsW
CompareStringW
OutputDebugStringA
FlushFileBuffers
GetStartupInfoA
LocalFree
HeapSize
GetStringTypeA
GetStdHandle
GetVersionExA
LCMapStringA
GetProcAddress
TlsSetValue
EnterCriticalSection
GetSystemTimeAsFileTime
GetTickCount
WritePrivateProfileStructA
GetCurrentThread
GetUserDefaultLCID
MoveFileA
SetFileTime
lstrcpyn
GetDateFormatA
SetFilePointer
MultiByteToWideChar
OpenSemaphoreA
VirtualQuery
GetTimeZoneInformation
GetFileSize
GetModuleFileNameA
FindFirstFileA
InitializeCriticalSection
GetOEMCP
TerminateProcess
FreeEnvironmentStringsW
ReadConsoleInputW
GetComputerNameA
HeapCreate
VirtualFreeEx
GetThreadContext
TlsAlloc
GlobalDeleteAtom
InterlockedExchange
WaitForDebugEvent
ExitProcess
SetHandleCount
GetCPInfo
GetProcessHeap
WideCharToMultiByte
EnumSystemCodePagesW
LCMapStringW
CreateDirectoryExA
GetStringTypeExW
GetLastError
GetCurrentThreadId
CreateProcessA
VirtualAlloc
GetWindowsDirectoryW
GlobalUnfix
LoadLibraryA
CreateDirectoryA
CreateNamedPipeA
GetShortPathNameA
GetCurrencyFormatA
HeapDestroy
LeaveCriticalSection
SetThreadLocale
DeleteCriticalSection
WriteFile
QueryPerformanceCounter
HeapAlloc
HeapFree
LocalReAlloc
GetFileType
IsValidCodePage
HeapReAlloc
GetCompressedFileSizeA
TlsFree

comctl32

GetEffectiveClientRect
ImageList_AddMasked
ImageList_GetIconSize
ImageList_LoadImageA
DestroyPropertySheetPage
CreatePropertySheetPage
InitMUILanguage
ImageList_DragLeave
InitCommonControlsEx
ImageList_Duplicate
ImageList_Replace
ImageList_GetDragImage
ImageList_Destroy
ImageList_GetIcon
ImageList_GetFlags
ImageList_LoadImageW
ImageList_ReplaceIcon
ImageList_Read
ImageList_SetBkColor
ImageList_DragEnter
ImageList_GetBkColor
ImageList_DrawEx
CreateStatusWindowW
ImageList_Copy

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8876f40223646c1c21e094f4d28f2969

Headers

File Characteristics

Imports

shell32

comdlg32

user32

advapi32

kernel32

comctl32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 108KB - Virtual size: 125KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 108KB - Virtual size: 125KB

.rsrc
Size: 92KB - Virtual size: 91KB