d3d926464a271358bfd08632b8fea021

Sharing

Copy URL

Twitter E-mail

General

Target

d3d926464a271358bfd08632b8fea021
Size

68KB
MD5

d3d926464a271358bfd08632b8fea021
SHA1

cff41c9c90782aba9f9cd92238218f2d57f23642
SHA256

c64567bfed231a997651d6d7f8af3d4fabfe6b482b9f3c9f6c4676c54a13ae73
SHA512

eb397fe41ba691854ba10e5f4acd482359443b7d5c70155bd28d88b9b834151a68d6b1a18720380eccef43f7fd84c0f0c17ba85584c78bc133f9125d319797d3
SSDEEP

1536:SCNsGtB6krATUB4opT8f6aXf2tdphkAZJJA/M7Zjje5Z:SCNLG+pT8Japh3Z8/YxC5Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d926464a271358bfd08632b8fea021

Files

d3d926464a271358bfd08632b8fea021
.exe windows:4 windows x86 arch:x86

5d997aba59eb3ea6f854d5c3d72e87b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
DeleteFileA
EnumResourceNamesA
ExitProcess
GetACP
GetCommandLineA
GetFileSize
GetLastError
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetStartupInfoA
GetSystemTimeAsFileTime
HeapAlloc
InterlockedIncrement
LeaveCriticalSection
RtlUnwind
SetErrorMode
SetLastError
TlsGetValue
WritePrivateProfileSectionA

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegQueryValueA
LookupPrivilegeValueA

ole32

CoInitialize
CoDisconnectObject
CoUninitialize
CoCreateInstance
OleInitialize
StringFromGUID2
RevokeDragDrop
RegisterDragDrop
OleUninitialize
CoResumeClassObjects
CoGetClassObject

user32

SetMenuInfo
OemToCharW
MessageBeep
GetMenu
GetDlgItem
EndPaint
DestroyWindow
DestroyIcon
DeleteMenu
DefDlgProcA
CreatePopupMenu
CreateIconFromResourceEx
CopyImage
CharNextA
MessageBoxA

shell32

SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconA
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
SHBindToParent

shlwapi

PathFindFileNameA
PathIsDirectoryA
PathFindExtensionA
PathIsRootA
PathMatchSpecA
PathQuoteSpacesA
PathUnquoteSpacesA
SHAutoComplete
StrChrA
StrStrIA
PathFileExistsA
PathCompactPathExA
PathCanonicalizeA
PathAppendA
PathIsRelativeA

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmSetCompositionWindow

msvcrt

strtol
malloc
memset
rand
strchr
fflush
getenv

oleaut32

SysAllocStringLen
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd
LoadTypeLib

Exports

Exports

Cyme
Da
Lh
Pc
Qolodzcle
Rsioulma
Rviwowruvxo
Sytedqnjko
Tfkqqlkyqsl
Xqcveshnr

Sections

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d997aba59eb3ea6f854d5c3d72e87b2

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

shell32

shlwapi

imm32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 16KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 17KB - Virtual size: 20KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 15KB - Virtual size: 16KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 17KB - Virtual size: 20KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB