ca22f11b1cdeddd1c2f0fdb24b104db3

Sharing

Copy URL Twitter E-mail

General

Target

ca22f11b1cdeddd1c2f0fdb24b104db3
Size

146KB
MD5

ca22f11b1cdeddd1c2f0fdb24b104db3
SHA1

515080ca398898fbae9edec035894894a1059043
SHA256

b0600b16663937e58aa7893a5afe151ceaf98afc403a590fb6f41c9568086770
SHA512

55e240fbc41ac57992b66e35929b29dceeeee8bb30ae2d8229a6aca13b918cae95827732607b2fc44248f8e291d9132428fbf42ea09fe1bd5770892710b4fb5a
SSDEEP

3072:Po3dG5tHAjzSv9CFa7lWcBXpO0utvi0ICCUQz+gtikqhfekQdQtNuZpgOaq:PqyHAjm9C8cU5WimHJC84aq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca22f11b1cdeddd1c2f0fdb24b104db3

Files

ca22f11b1cdeddd1c2f0fdb24b104db3
.exe windows:5 windows x86 arch:x86

3c916f2b80fa02f157e9635a761c2a89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\NMbl\gmzft\wgLlum.pdb

Imports

shlwapi

UrlUnescapeA
UrlGetPartW
StrToIntW

user32

OpenInputDesktop
SendMessageTimeoutA
DestroyIcon
MessageBoxExW
EnumChildWindows
SetMenu
RegisterClassExW
LoadStringA
CreateDialogParamW
TranslateMessage
GetDlgCtrlID
ShowWindowAsync
TabbedTextOutW
GetClassLongA
IsZoomed
DrawIcon
GetMessageExtraInfo
LoadAcceleratorsW
PostThreadMessageA
ExitWindowsEx
PostMessageW
ModifyMenuW
MessageBoxA
ScrollWindow
GetKeyboardLayoutList
CharToOemW
AppendMenuW
SetScrollPos
HiliteMenuItem

ntdll

memset

kernel32

LocalUnlock
HeapCreate
FormatMessageW
RemoveDirectoryA
lstrcmpiW
GetUserDefaultUILanguage
OpenEventA
SetThreadExecutionState
GetLongPathNameW
Sleep
GetAtomNameA
GetWindowsDirectoryA
CreateSemaphoreW
LocalAlloc
WaitForDebugEvent
lstrcatA
CompareStringW

gdi32

UnrealizeObject
CreateRectRgnIndirect
EnumFontFamiliesExW
SetBitmapBits
GetROP2
DeleteDC
DeleteObject
RemoveFontResourceW
ExtFloodFill
EnumFontsW
SetPaletteEntries
ResizePalette
GetCharWidth32W

Exports

Exports

?__Ns_l__nfhe@@YGKJI@Z
?GLIPiQYZejqmoi@@YGFPAJ_N@Z
?JNPfxNtjle_QLUSK@@YGPAFD@Z
?nwjy_ao@@YGXF@Z
?gphcdPIFZNSHEDUY@@YGXMPAD@Z
?xgvHOIxwreuk_i_@@YGPAIM@Z
?sf__rxd_E_WDLpisajD_@@YGXPAIG@Z
?p_dn__hek_ii_s_gi_@@YGPAXHPAJ@Z
?U_SSQOTU@@YGEF@Z
?S___L_YWHOSL_S@@YGGE@Z
?xmwcsIAA_w_zmhel__mwh@@YGPAHMPAF@Z

Sections

.text
Size: 53KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c916f2b80fa02f157e9635a761c2a89

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

ntdll

kernel32

gdi32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 209KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 36KB - Virtual size: 35KB

.xdata Size: 31KB - Virtual size: 30KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 209KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 36KB - Virtual size: 35KB

.xdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB