d54b0a59cbf00beadc448f892422670b

Sharing

Copy URL Twitter E-mail

General

Target

d54b0a59cbf00beadc448f892422670b
Size

409KB
MD5

d54b0a59cbf00beadc448f892422670b
SHA1

9fc29bf574d86d67de5f64cba98b69760a067dbc
SHA256

f566307a3a40eab04e049098ecb30d23a983638ad20bea0cd77a8632bb1e8883
SHA512

bd99f99b1f0f6f90292df4e5c16dc567b407c4d2b891ea6032b5ec2fe203bf7a7445221b550e653010aa8b170e3a86b25ecc04ca7e2bd17baf045916ecbe68e9
SSDEEP

6144:WuEHFCG71FvLFHQ4jRTDJn4rpKP5oaanbMvHd5+OYa7ybPV76zg3LVTy9ZOryvsz:WxFBrRw4jjupKPfAbMV5Zib1w0LM7wy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d54b0a59cbf00beadc448f892422670b

Files

d54b0a59cbf00beadc448f892422670b
.exe windows:4 windows x86 arch:x86

b2fb5e12ad73bc91abe79adf3d1b6b97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetFileType
WideCharToMultiByte
GetDateFormatA
RtlUnwind
LeaveCriticalSection
GetCurrentThread
GetCurrentProcess
IsBadWritePtr
VirtualAlloc
TlsGetValue
VirtualFree
HeapReAlloc
HeapCreate
DeleteCriticalSection
GetVersionExA
GetStartupInfoA
InterlockedExchange
GetModuleFileNameA
GetStringTypeA
LCMapStringW
ExitProcess
GetTimeFormatA
LCMapStringA
SetHandleCount
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
IsValidCodePage
GetOEMCP
TlsFree
QueryPerformanceCounter
CompareStringW
TlsSetValue
GetACP
VirtualQuery
GetCurrentThreadId
GetLocaleInfoW
HeapAlloc
HeapSize
HeapFree
AddAtomW
TerminateProcess
GetCurrentProcessId
GetCommandLineA
MultiByteToWideChar
IsValidLocale
FindResourceA
TlsAlloc
GetLocaleInfoA
GetTimeZoneInformation
SetEnvironmentVariableA
GetStdHandle
UnhandledExceptionFilter
WriteFile
EnumSystemLocalesA
GetEnvironmentStrings
GetModuleHandleA
EnterCriticalSection
GetSystemInfo
GetCPInfo
CompareStringA
InitializeCriticalSection
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetLastError
SetLastError
GetProcAddress
GetUserDefaultLCID
HeapDestroy
GetEnvironmentStringsW
VirtualProtect

shell32

SHQueryRecycleBinW
DragQueryFileA
DoEnvironmentSubstA
SHAddToRecentDocs
ExtractAssociatedIconExA
ExtractAssociatedIconExW
SHFileOperationW
SHGetSettings
SheChangeDirExW
DragQueryPoint
SHGetFileInfoA
SHEmptyRecycleBinW
SHBrowseForFolder
ShellExecuteW
SheGetDirA
SHFormatDrive
SHBrowseForFolderA
DoEnvironmentSubstW
ShellExecuteExW

gdi32

CreateBrushIndirect
ExtCreateRegion
ModifyWorldTransform
Escape
GetTextMetricsA
StretchDIBits
GetKerningPairs
GetEnhMetaFileHeader
GetObjectType
GetSystemPaletteEntries
SetPaletteEntries
GetPolyFillMode
PathToRegion
ResetDCW
CombineRgn

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2fb5e12ad73bc91abe79adf3d1b6b97

Headers

File Characteristics

Imports

kernel32

shell32

gdi32

Sections

.text Size: 134KB - Virtual size: 133KB

.data Size: 272KB - Virtual size: 303KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 134KB - Virtual size: 133KB

.data
Size: 272KB - Virtual size: 303KB

.rsrc
Size: 2KB - Virtual size: 1KB