c7869d6d0b2ab4ba9e80e2a583e06e85

Sharing

Copy URL Twitter E-mail

General

Target

c7869d6d0b2ab4ba9e80e2a583e06e85
Size

1.8MB
MD5

c7869d6d0b2ab4ba9e80e2a583e06e85
SHA1

2a5a766f9085231d072fac3f8f039bd915c8649a
SHA256

f3e38f8a4cb7d3e26a936e0fed6be276870124bc8076d0959f81c87ac9478cf7
SHA512

2cb45e74ba699e245170c90d516433e26060d3de390d48877ed3ef72b94a12c863bfd72731b3263fb9f3b61d4cf013bf16ff26acfa793b9b0d1a92a89ff15b0f
SSDEEP

12288:7yGWPPNVNjZ2JgKkLaiqTR++8f7dPrRP4:gdVNxRL1++rO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7869d6d0b2ab4ba9e80e2a583e06e85

Files

c7869d6d0b2ab4ba9e80e2a583e06e85
.exe windows:5 windows x86 arch:x86

efe9b7caa928cc615fbc1ebb39a2983f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmMetrics

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__setusermatherr
memset

kernel32

LeaveCriticalSection
IsValidCodePage
InitializeCriticalSection
EnterCriticalSection
ExitProcess
GetTickCount
CreateDirectoryW
CreateFileA
CreateFileW
CreateMutexW
GetStartupInfoA
GetModuleHandleA
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetErrorMode
GetCommandLineA
LoadLibraryA
CreateProcessA

user32

EmptyClipboard
GetKeyState
EnableWindow
DrawTextW
DrawTextExW
DrawStateW
DrawIconEx
GetSysColor

gdi32

FrameRgn
SetTextJustification
SetTextColor
SetBkMode
SetBkColor
SelectObject
RectVisible
PtVisible
MoveToEx
LineTo
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
GetObjectW
GetDeviceCaps
GetCurrentObject
DeleteObject
FillRgn
ExtTextOutW
Escape
DeleteDC
CreateSolidBrush

winspool.drv

OpenPrinterW

advapi32

RegSetKeySecurity
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegOpenKeyA
RegSetValueExW
RegUnLoadKeyW

ole32

CoUninitialize
CoTaskMemFree

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifx
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efe9b7caa928cc615fbc1ebb39a2983f

Headers

File Characteristics

Imports

msacm32

msvcrt

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

Sections

.text Size: 424KB - Virtual size: 422KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 648B

.ifx Size: 4KB - Virtual size: 3KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 424KB - Virtual size: 422KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 648B

.ifx
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB