cd9563c6857873bcc94b142c6a2987ed

Sharing

Copy URL Twitter E-mail

General

Target

cd9563c6857873bcc94b142c6a2987ed
Size

185KB
MD5

cd9563c6857873bcc94b142c6a2987ed
SHA1

7a613c98ad153c3a96773df6c5fb6a9123264899
SHA256

274cd975fdf72c65bc6e3044bb41a9a6abe3b3ccc4bff3e1298ee65dd6f177f7
SHA512

985e05820c52065fd0288a24891e778b3bc6bc61043b973b7a6c5cfc9bca2922a044053e5a1095bc51de2cb5cf577de4fb8f46434301fe57a77c42d2f30f81ff
SSDEEP

3072:p06NOW5lOIEhEgNKZgF1LJUARamQLPIym0fWM:ptTPIFNKUamQrM0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd9563c6857873bcc94b142c6a2987ed

Files

cd9563c6857873bcc94b142c6a2987ed
.exe windows:4 windows

125c0f84c1554cfb812c61169b5a6354

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
SetCurrentDirectoryA
lstrcpyA
GetCurrentDirectoryA
lstrcatA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
HeapFree
GetProcessHeap
GetVersionExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetWindowsDirectoryA
MoveFileExA
GetModuleFileNameA
CloseHandle
CreateProcessA
CopyFileA
GetTempPathA
GetCurrentProcessId
ReadFile
HeapAlloc
GetFileSize
CreateFileA
WaitForSingleObject
OpenProcess
GetProcAddress
FindNextFileA
WideCharToMultiByte
MultiByteToWideChar
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
LCMapStringA
GetStringTypeW
GetStringTypeA
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
FindClose
Sleep
lstrlenA
lstrcpynA
lstrcmpA
LoadLibraryA
CreateMutexA
GetLastError
HeapDestroy
GetEnvironmentVariableA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP

user32

InvalidateRect
UpdateWindow
SetDlgItemTextA
SystemParametersInfoA
GetWindowRect
MoveWindow
SetTimer
KillTimer
PostMessageA
GetDlgItem
ShowWindow
EnableWindow
EndDialog
FindWindowA
SendMessageA
LoadStringA
wsprintfA
MessageBoxA
DialogBoxParamA
SetFocus

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

shell32

SHChangeNotify

comctl32

ord17

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

125c0f84c1554cfb812c61169b5a6354

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

comctl32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 128KB - Virtual size: 128KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 128KB - Virtual size: 128KB