be0a3ff2fca77e148b5f3ed1ef8ec748

Sharing

Copy URL

Twitter E-mail

General

Target

be0a3ff2fca77e148b5f3ed1ef8ec748
Size

91KB
MD5

be0a3ff2fca77e148b5f3ed1ef8ec748
SHA1

5f237fce89f85a6d909681cf0d12a233b695af62
SHA256

2108573b9712ab49492c08931f42f3a3d269be1669d2380840be0ade45c87984
SHA512

21d48399f16de97552fabff445628b475d9ffebc0844fbf96ff13c4cfe9220876a4ed8e5068804a8a135804c8770ef8ea645167da57b069d75e3c24fd946e62f
SSDEEP

1536:8Jcl/fUdHUO68+THcUUIifmYUuxUvbQvYzZDHrhOAWNirZMMDj2eJi8HF5D/Z+0:8Cl/Md0OkTHZEjxSDLsn+j2ai8HF5DM0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

be0a3ff2fca77e148b5f3ed1ef8ec748

resource
be0a3ff2fca77e148b5f3ed1ef8ec748

Files

be0a3ff2fca77e148b5f3ed1ef8ec748
.exe windows:5 windows x86 arch:x86

6b7c97478a5b3ad7b52931df24dec2c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipReversePath
GdipGetLogFontW
GdipGetVisibleClipBounds
GdipGetClipBoundsI
GdipIsVisiblePoint
GdipCreateLineBrush
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromStream
GdipClearPathMarkers
GdipSetPathMarker

kernel32

LocalFree
IsDebuggerPresent
SetEndOfFile
FindFirstFileExW
GetFileAttributesExA
WaitForMultipleObjects
FindNextFileW
WriteFileEx
SetFileAttributesW
HeapReAlloc
HeapAlloc
CloseHandle
GetThreadContext
GetCPInfo
GetCurrentProcess
HeapFree
GetModuleHandleExW
GetSystemTimes
GlobalAlloc
VirtualFreeEx
Sleep
LocalReAlloc
TerminateProcess
CompareStringW
GetLastError
VirtualAllocEx
GlobalFree
GetLocalTime
GlobalMemoryStatusEx
GlobalHandle

user32

EndPaint
BeginPaint
PeekMessageA
TranslateMessage

advapi32

RegCloseKey
RegOpenKeyA
GetUserNameA
RegLoadKeyA
DuplicateToken
IsTextUnicode
RegUnLoadKeyA
OpenServiceW
OpenSCManagerW
OpenProcessToken

Exports

Exports

_CutThisItem@4
_RealTime@4
_WatchMe@8

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b7c97478a5b3ad7b52931df24dec2c1

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 160B

.pdata Size: 512B - Virtual size: 512B

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 512B - Virtual size: 262B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 160B

.pdata
Size: 512B - Virtual size: 512B

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 512B - Virtual size: 262B