d61ba8e7f242b64ea513b2bb31f35f1d

Sharing

Copy URL Twitter E-mail

General

Target

d61ba8e7f242b64ea513b2bb31f35f1d
Size

21KB
MD5

d61ba8e7f242b64ea513b2bb31f35f1d
SHA1

e420c664ba315f656780f94d1854e64e3d7784fe
SHA256

7a5215d0ea045e6f53134db53c399d51ca4c1409bc6f2f11bca78369e03a75b8
SHA512

1cdf0424ac88b9a4d1db5d53a4c283c3e0a268e178c628bca65d4a1b8118e89f32ab39721a0d4c61cd83a67211a756df214ac8ed62f00d082a32b522de8bea96
SSDEEP

384:xyIsKfx/MySEm0DogwvE9ZMOR1nqALMtd3pWEySKSfJS5VDkIvsFFOK:xhsKfpMySEpogwvE9pREALMP3pWE9rh7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61ba8e7f242b64ea513b2bb31f35f1d

Files

d61ba8e7f242b64ea513b2bb31f35f1d
.exe windows:5 windows x86 arch:x86

8ae790d58fbcd48c5f61f11bb2653695

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
InterlockedPopEntrySList
GetTickCount
TerminateThread
ReplaceFileA
VirtualQuery
DnsHostnameToComputerNameA
GlobalDeleteAtom
EnterCriticalSection
CreateProcessInternalA
GetCurrentThreadId
_llseek
GetCurrentProcessId
EnumResourceTypesA
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
CreateEventW

opengl32

glRasterPos4s
glColor4d
wglDescribePixelFormat
glFogiv
glIndexf
glLoadName
wglGetDefaultProcAddress
glNormal3s
glEvalCoord2fv
glMapGrid2f
glRenderMode
glIndexdv
glNormalPointer
glDrawElements
glListBase
glLightModeli
glRects
glRasterPos4d

winmm

auxOutMessage
midiOutPrepareHeader
mciGetCreatorTask
midiOutUnprepareHeader
joyReleaseCapture
waveInUnprepareHeader
mmioDescend
mciGetDeviceIDFromElementIDA
mmioGetInfo
timeGetTime
midiStreamStop
midiInMessage
mixerMessage

msvcrt20

_fcvt
_ismbbkpunct
??0istrstream@@QAE@ABV0@@Z
memcpy
_getpid
fgetc
_tcsrchr
fabs
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
_mbscmp
sqrt
_ismbcl1
_tcsncset
_mbsinc

mapistub

FtMulDw@12
LpValFindProp@12
MAPIResolveName
MAPIOpenLocalFormContainer
OpenTnefStream@28
MAPIAddress
BMAPIFindNext
EncodeID@12
FBadSortOrderSet@4
FtMulDwDw@8
GetAttribIMsgOnIStg@12
InstallFilterHook@4
ScMAPIXFromSMAPI
BMAPIResolveName
WrapCompressedRTFStream

shlwapi

StrRChrW
StrDupW
SHRegCloseUSKey
SHCreateThread
StrRChrA
wnsprintfA
PathIsUNCServerShareA
UrlGetPartW
PathAddBackslashA
SHLoadIndirectString
StrToIntExA
SHSetValueW
UrlApplySchemeW
PathUnquoteSpacesW
StrRetToStrA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ae790d58fbcd48c5f61f11bb2653695

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

opengl32

winmm

msvcrt20

mapistub

shlwapi

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 1024B - Virtual size: 634B

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 1024B - Virtual size: 634B

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB