01fc84fe4845f64ed30f965c54906c077b5ad5815b6ddd77114698e61a83ae01

Sharing

Copy URL Twitter E-mail

General

Target

01fc84fe4845f64ed30f965c54906c077b5ad5815b6ddd77114698e61a83ae01
Size

117KB
MD5

81afe878534e99d486db8cfff5c0cee3
SHA1

073f412f896b5b025dd1e1954c69013a6c72de1b
SHA256

01fc84fe4845f64ed30f965c54906c077b5ad5815b6ddd77114698e61a83ae01
SHA512

eefa268979b0a0395667d57c0161a6581075bbc61a1fa2f2beb5ee63e53ba237bff590ab13c5b114ad005a42809c641334b9d61c978a6d89c1a3420892f1faa6
SSDEEP

3072:BTBlM3kO4Ik3JzAjfCFbIV9p/FJ8LRqESUFLrpkQLeFwpm8:BzIIJzkV8bSU9qw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01fc84fe4845f64ed30f965c54906c077b5ad5815b6ddd77114698e61a83ae01

Files

01fc84fe4845f64ed30f965c54906c077b5ad5815b6ddd77114698e61a83ae01
.exe windows:5 windows x86 arch:x86

2a1b5a62f648020037e0d8e554eec3ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerLanguageNameA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerFindFileW

comctl32

CreateStatusWindowW

comdlg32

CommDlgExtendedError
PrintDlgA
PageSetupDlgA
FindTextA
PrintDlgW
PrintDlgExW
PageSetupDlgW
GetOpenFileNameW
ChooseColorA
GetSaveFileNameW
ChooseFontW
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleW
FindTextW
ChooseColorW
GetFileTitleA
ChooseFontA

shlwapi

PathIsDirectoryW
StrDupW
StrCatW
StrCatBuffW
PathStripToRootW
SHDeleteKeyW
PathIsURLW
StrRetToBufW
PathAppendW
SHStrDupW
StrChrIW
StrCmpNIA
PathFindExtensionA
PathCreateFromUrlW
PathIsUNCW
UrlIsW
SHSetValueW
PathFindFileNameW
wnsprintfW
PathCombineW
StrToIntW
SHGetValueW
StrCmpW
StrCpyW
SHDeleteValueA
PathRemoveExtensionW
PathRemoveBlanksW

msvcrt

memcpy
__initenv
__setusermatherr
_itow
_chsize
iswspace
wcscspn
_rotr
_stat
towupper
strtok
_except_handler3
_finite
wcslen
_ftol
_strnicmp
_ultoa
_exit
wcscpy
fread
__badioinfo
wcsstr
_iob
isdigit
fopen
__p__osver
_commit
_access
__p__iob
srand
malloc
wcsspn
exit
_rotl
_wcsnicmp
strstr
fclose
__p__fmode

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHChangeNotify
DragQueryFileW
CommandLineToArgvW
SHGetFileInfoW
DragQueryFileA
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderA
SHGetMalloc
SHBindToParent

kernel32

GetTempPathA
GetCommandLineA
GetExitCodeThread
SetErrorMode
GetTickCount
VirtualAlloc
GetWindowsDirectoryW
GetCurrentProcessId
IsBadWritePtr
OpenEventA
GetCommandLineW
IsBadReadPtr
SetLastError
Sleep
GetCurrentThreadId
GetFileAttributesW
QueryPerformanceCounter
OpenMutexW
GetDriveTypeA
GetLastError
FindResourceW
ResumeThread
GetFileSize
GetSystemTimeAsFileTime
GetVersion
WaitForSingleObject

rpcrt4

NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer2_Release
UuidFromStringW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcServerRegisterIfEx
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
RpcServerUseProtseqEpW
RpcStringFreeA
NdrStubCall2
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
RpcBindingSetAuthInfoW
RpcStringBindingParseW
NdrDllRegisterProxy
UuidToStringW
CStdStubBuffer_DebugServerQueryInterface
NdrStubForwardingFunction

user32

DrawFocusRect
ReleaseDC
LoadCursorA
MessageBoxA
FindWindowW
FillRect
CallWindowProcW
EnableWindow
RedrawWindow
GetDesktopWindow
UnregisterClassW
ExitWindowsEx
EndPaint
SendMessageW

Sections

BSS
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 487B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a1b5a62f648020037e0d8e554eec3ea

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

comdlg32

shlwapi

msvcrt

shell32

kernel32

rpcrt4

user32

Sections

BSS Size: 512B - Virtual size: 480B

.idata Size: 512B - Virtual size: 486B

.code Size: 110KB - Virtual size: 110KB

.textbss Size: 1024B - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 487B

.rsrc Size: 3KB - Virtual size: 3KB

BSS
Size: 512B - Virtual size: 480B

.idata
Size: 512B - Virtual size: 486B

.code
Size: 110KB - Virtual size: 110KB

.textbss
Size: 1024B - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 487B

.rsrc
Size: 3KB - Virtual size: 3KB