df1d18aae4b2ac3f8b01c5a6cbff9159

Sharing

Copy URL Twitter E-mail

General

Target

df1d18aae4b2ac3f8b01c5a6cbff9159
Size

756KB
MD5

df1d18aae4b2ac3f8b01c5a6cbff9159
SHA1

6f5f59979bfed50c130f3c186d35af900453f2c2
SHA256

7528dd7bd2db9bc37feec3fa156e880369ea5ee945d5d07f3c33ae9293d885de
SHA512

3f6ed151856a28ed07aba6c2216b6599944a38434983e945ccb42b68b51d66446f9a8b4a474ceacd0f9c850e7637108923f8ffb672ee09bc26d27879ba639b22
SSDEEP

12288:lu4N6jF1i1edAa+EG1aSHp/Ew3PcLPXTUVgq6yCd7dCLmEGzRkqUhJahSqqGIAOO:luXjQ2B+T1aSHpfcLPXgVg6CBd536hJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df1d18aae4b2ac3f8b01c5a6cbff9159

Files

df1d18aae4b2ac3f8b01c5a6cbff9159
.exe windows:4 windows x86 arch:x86

1d61944605160ebbb5ddb11df21b03ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\roq\okqaw\dtoo\e

Imports

user32

ScrollDC
ToUnicode
DestroyWindow
AppendMenuW
CreateWindowExW
DefWindowProcW
GetDCEx
LoadMenuIndirectW
AnimateWindow
DestroyMenu
SetScrollInfo
SubtractRect
AdjustWindowRectEx
RegisterClassExA
RegisterClassA
SendNotifyMessageA
TranslateAccelerator
ShowWindow
SetProcessWindowStation
FillRect
GetMenuContextHelpId
CopyImage
ToAsciiEx
EmptyClipboard
CharLowerBuffW
EnumClipboardFormats
GetClassInfoExW
EnumThreadWindows
HideCaret
GetWindowModuleFileNameA
MessageBoxA

comctl32

ImageList_Create
CreateStatusWindowW
DrawStatusText
ImageList_Merge
DrawStatusTextW
CreateMappedBitmap
CreateToolbar
ImageList_GetIcon
CreateStatusWindow
DestroyPropertySheetPage
ImageList_GetFlags
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_SetOverlayImage
DrawInsert

comdlg32

GetFileTitleW
ReplaceTextW
GetOpenFileNameW
PageSetupDlgA

kernel32

GetVersion
GlobalAlloc
TerminateProcess
GetSystemTimeAsFileTime
HeapFree
GetStartupInfoA
VirtualFree
CompareStringA
LocalAlloc
CreateMutexA
TlsGetValue
GetCurrentProcess
GetCommandLineA
FreeEnvironmentStringsW
RtlZeroMemory
CommConfigDialogW
GetLocaleInfoA
MoveFileA
SetConsoleCtrlHandler
FillConsoleOutputCharacterW
SetConsoleCursorInfo
GetModuleFileNameW
GetStartupInfoW
IsBadWritePtr
CloseHandle
GetCurrentThread
EnumDateFormatsA
GetStdHandle
TlsFree
SetThreadLocale
GetCPInfo
FlushFileBuffers
EnumCalendarInfoW
CompareStringW
HeapDestroy
OpenMutexA
SetLocaleInfoA
GetModuleHandleA
GetModuleFileNameA
InterlockedIncrement
DeleteCriticalSection
EnumSystemCodePagesW
GetStringTypeW
HeapValidate
GetPrivateProfileStructA
LCMapStringA
VirtualQuery
GetACP
WriteConsoleW
IsValidLocale
GetLocaleInfoW
HeapAlloc
MoveFileW
QueryPerformanceCounter
GetTimeFormatW
GetOEMCP
SetUnhandledExceptionFilter
GetTickCount
GetTimeFormatA
VirtualAlloc
FreeEnvironmentStringsA
SetStdHandle
EnumTimeFormatsW
GetConsoleMode
RaiseException
RtlFillMemory
WaitForDebugEvent
lstrlenW
GetConsoleCP
GetConsoleOutputCP
SetComputerNameW
GetProcessHeap
InitializeCriticalSection
GetShortPathNameA
GetCommandLineW
WriteConsoleA
SetEnvironmentVariableW
GetEnvironmentStringsW
ExitProcess
FormatMessageA
GetProcAddress
GetCurrentThreadId
GetStringTypeA
DebugBreak
RtlUnwind
WaitForMultipleObjectsEx
FindAtomW
GetDateFormatA
GetLastError
GetCurrentProcessId
FreeLibrary
MultiByteToWideChar
GetThreadPriorityBoost
WritePrivateProfileStringW
GetSystemDefaultLCID
UnhandledExceptionFilter
GetFileType
lstrcpynW
FoldStringA
GetTimeZoneInformation
InterlockedExchange
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
lstrlenA
WriteFile
UnlockFile
GetNamedPipeHandleStateW
LocalFlags
IsValidCodePage
SetLastError
SetHandleCount
GetComputerNameW
IsBadReadPtr
LCMapStringW
EnumSystemLocalesA
CreateFileA
SetEnvironmentVariableA
FreeLibraryAndExitThread
LocalUnlock
SetFilePointer
ReadConsoleOutputCharacterW
InterlockedDecrement
SetTimeZoneInformation
EnumResourceNamesA
LoadLibraryA
HeapLock
LeaveCriticalSection
OutputDebugStringW
GlobalHandle
TlsAlloc
HeapCreate
LoadLibraryW
TlsSetValue
IsDebuggerPresent
lstrcmpA
GetEnvironmentStrings
ReadFile
EnterCriticalSection
OutputDebugStringA
HeapReAlloc
GetVersionExA
FoldStringW
GetUserDefaultLCID

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d61944605160ebbb5ddb11df21b03ec

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

comdlg32

kernel32

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 296KB - Virtual size: 292KB

.data Size: 116KB - Virtual size: 135KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 296KB - Virtual size: 292KB

.data
Size: 116KB - Virtual size: 135KB

.rsrc
Size: 12KB - Virtual size: 8KB