d65aef7924c4185ff9cca18a339e9453

Sharing

Copy URL Twitter E-mail

General

Target

d65aef7924c4185ff9cca18a339e9453
Size

3.4MB
MD5

d65aef7924c4185ff9cca18a339e9453
SHA1

104e5e834a3a445cfafbbfa1e855b5d96bf3ed21
SHA256

66713e8091cc7ff165d3c914f5908265ef5a7f6229f48fa1d7e20a690f79f23e
SHA512

b3195ff2bf2a5736937ce6dd3464c72236d22a3bdfca5c7f60d00644082255ddbd0929f764f3dbfa7906a7ecf845132486477251bc22a59a43cfa04919754661
SSDEEP

49152:rRaDqa1Hg1Zcv/lrgb+ilxQw5tfFF3yUt/Cxw+boMV7g8X4DhMVmrIT85STf5ULg:r8VEZ4//ixQGdyqSD2gcrl0qg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d65aef7924c4185ff9cca18a339e9453

Files

d65aef7924c4185ff9cca18a339e9453
.exe windows:5 windows

d7555347e5e2a56c03b27076fd40fc1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigTransportCreate
MprConfigInterfaceGetHandle
MprConfigInterfaceTransportAdd
MprConfigInterfaceGetInfo

imm32

ImmGetDefaultIMEWnd
ImmSetCompositionFontW
ImmSetOpenStatus
ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow

cryptui

CryptUIDlgViewCertificateW

kernel32

DeleteCriticalSection
LocalAlloc
CreateFileMappingW
GetCommandLineW
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLocalTime
lstrlenW
GlobalFree
GetFileAttributesW
HeapFree
HeapAlloc
FindResourceW
LocalFree
VirtualAlloc
GetProcessId
HeapSetInformation
GetStartupInfoW
RaiseException
EncodePointer
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
Sleep
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
HeapReAlloc
SetLastError

advapi32

GetTraceLoggerHandle
RegCreateKeyExW

user32

ChildWindowFromPointEx
DeleteMenu

shell32

DragFinish
DragQueryFileW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetDesktopFolder

wintrust

CryptCATAdminEnumCatalogFromHash

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 71.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7555347e5e2a56c03b27076fd40fc1f

Headers

File Characteristics

Imports

mprapi

imm32

cryptui

kernel32

advapi32

user32

shell32

wintrust

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 7KB - Virtual size: 71.6MB

.rsrc Size: 49KB - Virtual size: 49KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 7KB - Virtual size: 71.6MB

.rsrc
Size: 49KB - Virtual size: 49KB