047ded5c7549a9f9179b77581d1b86e14630fdb6541787c6607532a6e1169d0a

Sharing

Copy URL

Twitter E-mail

General

Target

047ded5c7549a9f9179b77581d1b86e14630fdb6541787c6607532a6e1169d0a
Size

345KB
MD5

398e8c7e0393940ea16974aa304ee5ef
SHA1

5b41749c95f425fa0d5013b879ccbe58f06c0aaf
SHA256

047ded5c7549a9f9179b77581d1b86e14630fdb6541787c6607532a6e1169d0a
SHA512

c526703f3a20ee4171777b1af44f16462e9b87d0d973c97bd44e372df9aab4f90be8f9ad9e039a23da579cf609d303a4a593b9dc83b1e3df082524e3daa8405f
SSDEEP

6144:a6M5MRHIJ9XrrZTWdZj2iuOYXmwn+GcyBaBwhQuPZQ1IJuMCJqXVw/P85A4s6VF:5wXoD26FsVaBYQa3XVyQVVF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
047ded5c7549a9f9179b77581d1b86e14630fdb6541787c6607532a6e1169d0a

Files

047ded5c7549a9f9179b77581d1b86e14630fdb6541787c6607532a6e1169d0a
.exe windows:4 windows x86 arch:x86

074667639a3d55125ce43219b20377c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgItemInt
GetLastActivePopup
GetWindowPlacement
GetSysColor
DialogBoxParamA
GetWindow
EndDialog
SendDlgItemMessageA
CreateDialogIndirectParamA
TileWindows

gdi32

EndDoc
EnumObjects
Ellipse
ExtSelectClipRgn
FrameRgn
CreateDiscardableBitmap
CreateDCA
CombineTransform
GdiSetBatchLimit
CombineRgn
CopyMetaFileA
CreateCompatibleBitmap
BitBlt
CreateFontA
CreateCompatibleDC

advapi32

RegNotifyChangeKeyValue
RegSetValueA
ReportEventA
RegOpenKeyA
RegConnectRegistryA
RegSaveKeyA
ReportEventW
RegQueryValueExA
PrivilegeCheck

kernel32

GetProcAddress
GetCommandLineA
GetACP
ResumeThread
SuspendThread
SetEvent
GetStartupInfoA
FreeEnvironmentStringsA
GetModuleHandleA
VirtualAlloc
VerLanguageNameA
IsValidCodePage
IsBadStringPtrA
GetCPInfo
GetNumberFormatA
HeapAlloc
LocalFlags
GetUserDefaultLCID
ResetEvent
VirtualLock
GetUserDefaultLangID
LocalFree
SetLocaleInfoA
GetPrivateProfileStructA
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA

version

GetFileVersionInfoSizeA
VerInstallFileA
VerFindFileA
GetFileVersionInfoA
VerQueryValueA

winspool.drv

AddPrintProcessorA
AbortPrinter
EnumPrintProcessorsW
EnumJobsA
AddPrinterConnectionA
SetPrinterW
SetJobW
SetPrinterA
AddPrinterConnectionW
GetPrinterDriverA
AdvancedDocumentPropertiesA
AddPrinterA
EnumPrintProcessorsA
AddJobA

netapi32

NetConfigGetAll
NetErrorLogRead
NetGetDCName
NetAuditClear
NetGetAnyDCName
NetErrorLogClear
NetGetJoinInformation
NetConfigSet
NetConfigGet
NetAuditRead
NetServerComputerNameDel
NetLocalGroupDelMembers
NetGroupAddUser
NetAuditWrite
NetErrorLogWrite
NetFileEnum
NetGroupAdd

msvcrt

_acmdln
_XcptFilter
exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_exit

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gmlbow
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074667639a3d55125ce43219b20377c4

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

version

winspool.drv

netapi32

msvcrt

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 101KB

.gmlbow Size: 318KB - Virtual size: 317KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 101KB

.gmlbow
Size: 318KB - Virtual size: 317KB

.rsrc
Size: 4KB - Virtual size: 4KB