d7759a465d86a0cf88774e3d3e6f7cab

Sharing

Copy URL Twitter E-mail

General

Target

d7759a465d86a0cf88774e3d3e6f7cab
Size

173KB
MD5

d7759a465d86a0cf88774e3d3e6f7cab
SHA1

2dbfa282d78bac23a7099c66e4d2ef17eb777493
SHA256

e90b0f22ebe61473635065e331a501aad49a51a6176f71ccb5d3b7e3395d6dd6
SHA512

6cc20e376860b6ed5b2a716f33a75b6c182aacd4aea0e9db0538ea88e409b1c6358094dc950caae5ad9a269bb7cd79cdb36409a900a3a3531725b7327296da71
SSDEEP

3072:9Lwgzgg7Cva35FLUslJYrsfBf0jcMTyq+EfBq:9Lpz7CvvAKsfx0jcbqj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7759a465d86a0cf88774e3d3e6f7cab

Files

d7759a465d86a0cf88774e3d3e6f7cab
.exe windows:4 windows x86 arch:x86

30d642bfd0e989d635d722e24296fa9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCW
SHRegGetValueW
StrDupW
PathSkipRootW
PathGetArgsW
PathFindFileNameW

advapi32

RegOpenKeyExW
EncryptFileW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
DecryptFileW
RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegCloseKey

gdiplus

GdipGetImageWidth
GdipDisposeImage

user32

GetClassNameW
GetPropW
AllowSetForegroundWindow
GetGUIThreadInfo
GetWindowThreadProcessId
GetForegroundWindow

ole32

CoGetDefaultContext
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree

kernel32

FindClose
GetModuleHandleW
FindFirstFileW
LocalFree
GetCalendarInfoW
SetFileAttributesW
InterlockedExchange
ExitProcess
UnmapViewOfFile
Sleep
lstrlenW
LoadLibraryW
GetFileAttributesW
GetCurrentDirectoryW
VirtualProtect
CreateFileMappingW
FindNextFileW
QueryPerformanceCounter
GetProcAddress
lstrcmpiW
OpenProcess
SetUnhandledExceptionFilter
EncodePointer
SetLastError
MultiByteToWideChar
CreateDirectoryW
SetEnvironmentVariableW
FreeLibrary
EnumResourceNamesA
VirtualQuery
GetProcessId
GetModuleFileNameW
GetCurrentThreadId
ReleaseMutex
UnhandledExceptionFilter
QueryDosDeviceW
GetCurrentProcess
DuplicateHandle
EnterCriticalSection
MapViewOfFile
WideCharToMultiByte
GetFileSizeEx
GetTickCount
IsWow64Process
LocalAlloc
InitializeCriticalSection
GetFileInformationByHandle
WaitForSingleObject
OutputDebugStringW
SearchPathW
GetLogicalDriveStringsW
OutputDebugStringA
GetSystemTimeAsFileTime
InterlockedCompareExchange
GetLastError
GetModuleHandleA
CreateMutexW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30d642bfd0e989d635d722e24296fa9b

Headers

File Characteristics

Imports

shlwapi

advapi32

gdiplus

user32

ole32

kernel32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 71KB - Virtual size: 71KB

.edata Size: 1024B - Virtual size: 96KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 71KB - Virtual size: 71KB

.edata
Size: 1024B - Virtual size: 96KB