d771e9dd04bd09bbbcde92e8add564cb

Sharing

Copy URL Twitter E-mail

General

Target

d771e9dd04bd09bbbcde92e8add564cb
Size

175KB
MD5

d771e9dd04bd09bbbcde92e8add564cb
SHA1

eb07505dba9b0ba41a039a8215a73ed359f7a92c
SHA256

fb44a12223568148968f5405f0a2725a1ecc9dc48ff82748bd568d68a8b8fa07
SHA512

914bfc2a4441a8be779fe7142f862552e91777e0dd3a8ddcd0fb9d48db155a7b4602b002051d65bebc9dc08e0372f60d522e980a0f5f680493fcd5926a57ec81
SSDEEP

3072:5PCUGVQUpRni8HphE7SWFcSewaZ8sJyyvmMw8yEeiGlUMMnMMMMMX7I7Da:5qUGq8i8XE7SWFcSewaqsJyyhw8y3iGE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d771e9dd04bd09bbbcde92e8add564cb

Files

d771e9dd04bd09bbbcde92e8add564cb
.exe windows:5 windows x86 arch:x86

49f5eec349c9bbaadbd1ecd1ca25f9eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiDatabaseExportW

wintrust

WintrustRemoveActionID
WTHelperCertIsSelfSigned
WintrustAddActionID
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

kernel32

QueryPerformanceCounter
ExitProcess
GetCurrentThreadId
FileTimeToSystemTime
InitializeCriticalSection
SetProcessWorkingSetSize
UnhandledExceptionFilter
HeapFree
lstrlenA
VirtualAlloc
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
GetProcAddress
GetTickCount
SetUnhandledExceptionFilter
InterlockedCompareExchange
lstrcmpiA
HeapAlloc
GetCommandLineA
GetLastError
CompareFileTime
HeapReAlloc
DeleteCriticalSection
GetSystemTimeAsFileTime
WinExec
GetCurrentProcess
lstrlenW

gdi32

GetTextMetricsA
SelectObject
GetTextExtentPointW
GetTextExtentPointA
GetTextMetricsW
DeleteObject

shlwapi

StrCatBuffW

shell32

ShellExecuteA

user32

DialogBoxParamW
WinHelpA
EnableWindow
SendMessageA
ShowWindow
SetWindowLongA
DialogBoxIndirectParamW
GetWindowRect
GetSysColor
ReleaseDC
LoadStringA
MessageBeep
DialogBoxIndirectParamA
SendDlgItemMessageA
CreateWindowExW
SetFocus
EndDialog
CallMsgFilterA
GetDC
LoadCursorA
SendMessageW
GetDlgItem
SetCursor
LoadImageA
SetDlgItemTextA
LoadBitmapA
DialogBoxParamA
GetDlgItemTextA
GetParent

cfgmgr32

CM_Get_Child

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49f5eec349c9bbaadbd1ecd1ca25f9eb

Headers

DLL Characteristics

File Characteristics

Imports

msi

wintrust

kernel32

gdi32

shlwapi

shell32

user32

cfgmgr32

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 75KB - Virtual size: 736KB

.rdata Size: 15KB - Virtual size: 15KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 77KB - Virtual size: 77KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 75KB - Virtual size: 736KB

.rdata
Size: 15KB - Virtual size: 15KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 77KB - Virtual size: 77KB