de83d5b379e4c2d8a2355e987072cd4f

Sharing

Copy URL Twitter E-mail

General

Target

de83d5b379e4c2d8a2355e987072cd4f
Size

140KB
MD5

de83d5b379e4c2d8a2355e987072cd4f
SHA1

1feb4217cee86924fd949d9e751325929ee34eb2
SHA256

8186530cbc163378f01e1b557cb85ebcad0f4c7e770eef75d935a9d01cc7b9ab
SHA512

4208ad4708e244df3e64a74c88ec093b0003b9f60e141ca0b903458cc3c38edb2f700908eefa7c05f2da5c6c3fbed9cf4fdf647a324da18ea112e82153f9a318
SSDEEP

3072:LRtQh5KBEEFdAE+STaW6lmua/IK647pFHqjUulLUV:v/dzt68FA47pFH4Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de83d5b379e4c2d8a2355e987072cd4f

Files

de83d5b379e4c2d8a2355e987072cd4f
.exe windows:4 windows x86 arch:x86

ac4a046608ffd6437d9b743e25a45436

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerFindFileA
VerInstallFileA

gdi32

CreateDIBSection
CreateCompatibleDC
CreateFontIndirectA

comdlg32

GetOpenFileNameA
FindTextA
ChooseColorA
GetFileTitleA
GetSaveFileNameA

advapi32

RegOpenKeyA
RegDeleteValueA
GetLengthSid
RegEnumValueA

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_Write
ImageList_DrawEx
ImageList_Add
ImageList_Read
ImageList_DragShowNolock
ImageList_Remove
ImageList_Create
ImageList_GetBkColor
ImageList_Create
ImageList_Destroy

user32

CreateIcon
CreatePopupMenu
MessageBoxA

kernel32

GetLastError
IsBadReadPtr
ExitThread
WideCharToMultiByte
VirtualFree
LoadLibraryA
VirtualAlloc
ExitProcess
GetModuleHandleA
VirtualQuery
IsBadHugeReadPtr
SizeofResource
WriteFile
GetModuleHandleW
GetCommandLineW
lstrcpyA
WaitForSingleObject
lstrlenA
GetProcAddress

ole32

StgCreateDocfileOnILockBytes
StringFromIID
StgOpenStorage
CoGetContextToken

msvcrt

asin
log10
atan

oleaut32

VariantChangeType
SafeArrayUnaccessData
SysReAllocStringLen
GetErrorInfo
SafeArrayGetUBound

shlwapi

PathFileExistsA
SHSetValueA
SHGetValueA
SHDeleteKeyA
SHQueryInfoKeyA
SHStrDupA
SHQueryValueExA

shell32

SHGetFileInfoA
SHFileOperationA

Sections

CODE
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac4a046608ffd6437d9b743e25a45436

Headers

File Characteristics

Imports

version

gdi32

comdlg32

advapi32

comctl32

user32

kernel32

ole32

msvcrt

oleaut32

shlwapi

shell32

Sections

CODE Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 940B

.adata Size: 4KB - Virtual size: 1KB

DATA Size: 68KB - Virtual size: 66KB

.cdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 832B

CODE
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 940B

.adata
Size: 4KB - Virtual size: 1KB

DATA
Size: 68KB - Virtual size: 66KB

.cdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 832B