Static task: static1
Behavioral task: behavioral1
Sample: c134eeb6720f63669b56dac1f3435cc9.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c134eeb6720f63669b56dac1f3435cc9.exe
Resource: win10v2004-20240226-en
General
Target: c134eeb6720f63669b56dac1f3435cc9
Size: 858KB
MD5: c134eeb6720f63669b56dac1f3435cc9
SHA1: 6b2b11d4e73a5659b473d9fcc9abb76b4c045939
SHA256: faa177266e2e79ff26637599a1d20a2d47e1bff1ea4285c91d7511bad5c95473
SHA512: 855e60a6a86c9c8afc8679ad682c50d1493f244280d1d22b1dad73e8139e0d0367f0e051b8bc83ed7d9c20c0858592276f18c3033072544595cc634f4d34813c
SSDEEP: 24576:KZNYW+iP0TwClUlXQcssAb8qKbmMqSlhlr56a:KZNRqwtQbzKSCPltt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c134eeb6720f63669b56dac1f3435cc9
Files
c134eeb6720f63669b56dac1f3435cc9.exe windows:4 windows x86 arch:x86
112a2d128d95f8b82f30be64e0ec21ab
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ScrollWindow
SetCursorPos
OemKeyScan
CheckMenuItem
GetMenuCheckMarkDimensions
UnlockWindowStation
ChangeDisplaySettingsExA
EnableMenuItem
SendMessageTimeoutA
EnableWindow
ExitWindowsEx
ScrollDC
GetCursorInfo
TileChildWindows
OemToCharBuffA
SendInput
GetDCEx
SetWindowTextA
LookupIconIdFromDirectory
ReleaseCapture
UnhookWinEvent
DdeAccessData
EnumDesktopWindows
CreateCursor
GetCursorPos
DdeClientTransaction
OpenClipboard
CloseWindow
ToUnicode
AnyPopup
FreeDDElParam
ModifyMenuA
RealChildWindowFromPoint
DeleteMenu
GetTabbedTextExtentA
InSendMessage
GetScrollBarInfo
LoadStringA
LoadCursorFromFileA
DdeConnectList
GetSysColor
LoadMenuA
SetCaretPos
CharUpperBuffA
ShowWindowAsync
GetInputState
advapi32
GetEffectiveRightsFromAclA
CryptEnumProvidersA
ConvertAccessToSecurityDescriptorA
CryptExportKey
CryptDecrypt
AddAuditAccessAce
CryptHashSessionKey
CryptDestroyKey
RegEnumValueA
InitializeSecurityDescriptor
QueryServiceLockStatusA
CryptGetKeyParam
RegCreateKeyA
FreeSid
SetServiceStatus
CryptDeriveKey
RegSetValueA
GetNumberOfEventLogRecords
RegCreateKeyExA
GetSecurityDescriptorSacl
ObjectCloseAuditAlarmA
CryptGetDefaultProviderA
RegRestoreKeyA
AddAccessAllowedAce
GetSecurityDescriptorGroup
CryptSetHashParam
GetAce
AddAce
DeregisterEventSource
ChangeServiceConfigA
GetMultipleTrusteeOperationA
CryptHashData
RegQueryMultipleValuesA
RegDeleteValueA
CryptSetKeyParam
ObjectPrivilegeAuditAlarmA
GetSecurityDescriptorDacl
CryptEnumProviderTypesA
RegSaveKeyA
GetOverlappedAccessResults
ImpersonateNamedPipeClient
CryptSignHashA
CryptGetProvParam
CreatePrivateObjectSecurity
shlwapi
PathIsUNCA
Sections
.qxsl Size: 635KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.lmbmz Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zsh Size: 19KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rkzwl Size: 512B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rkbsr Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.fkpmx Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.hwhir Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xqxqn Size: 48KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qdct Size: 124KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ