df8f1f40b3ee86bb8cb0887e256817c7

Sharing

Copy URL Twitter E-mail

General

Target

df8f1f40b3ee86bb8cb0887e256817c7
Size

138KB
MD5

df8f1f40b3ee86bb8cb0887e256817c7
SHA1

0e81c5e644be6f69d0583090fad8338cd4f0e733
SHA256

6fc2c9a2fda270f495f3903ee50241c1b88282e4f4aacc4947a3ab08d165c793
SHA512

b17a3d19d2224ad41fbd4148c0f2a23b357abcf961528d68c539d1aa70bcd73c9e59618a136a499d24587cdb1edb879cd2c9e7eb1116e1e20cb79355626e8b4c
SSDEEP

3072:l4M6VxDnhODp6puNLGOpDNRUQhuVT81WdYgWFXHk:lnehkzNLGOdfUQz03WFXE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df8f1f40b3ee86bb8cb0887e256817c7

Files

df8f1f40b3ee86bb8cb0887e256817c7
.exe windows:5 windows x86 arch:x86

2e61461713c75b64e8cda9cd7fa48512

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\xdyehnU\jVMbvAUOvqN\PDtfUnzuxvLb.pdb

Imports

msvcrt

strcpy
sprintf
strncpy
wcsncpy
iswalpha
srand
isdigit
calloc
putchar
perror
_controlfp
__set_app_type
wcstol
wcstok
iswctype
mktime
strrchr
iswspace
__p__fmode
__p__commode
_amsg_exit
_initterm
vswprintf
isalpha
_ismbblead
wcsrchr
strtoul
_XcptFilter
fputc
_exit
memset
_cexit
toupper
fwrite
strstr
__setusermatherr
__getmainargs

user32

EnableScrollBar
RegisterClassA
PostMessageW
DestroyWindow
RegisterWindowMessageA
BeginPaint
MessageBoxExW
SetMenuItemBitmaps
GetTopWindow
DestroyMenu
SetActiveWindow
TranslateAcceleratorA
GetUserObjectInformationW
UpdateWindow
wvsprintfA
RegisterClassExW
GetDialogBaseUnits
GetMessageTime
MapDialogRect
GetClassInfoA
TrackPopupMenu
FillRect
InflateRect
UnionRect
CharNextW
DefDlgProcW
wsprintfW
CharPrevA
InsertMenuA
GetMessageA
IsWindowUnicode
ClientToScreen
SwitchToThisWindow
LockWindowUpdate
IsCharAlphaW
BringWindowToTop
GetCursorPos
IsMenu
MapVirtualKeyW
EnumWindows
GetKeyboardLayoutNameW
HiliteMenuItem
MoveWindow
EqualRect
IsCharAlphaA
SetMenuDefaultItem
GetMonitorInfoW
ChildWindowFromPointEx
BeginDeferWindowPos
ShowCursor
DrawFocusRect
IsCharAlphaNumericW
CharUpperA
SetScrollPos
ShowCaret
DragObject
IsDialogMessageW
OpenIcon
GetScrollPos
ScrollWindow
IsCharUpperA
DestroyCursor
AppendMenuW
GetSysColorBrush
DrawFrameControl
ExitWindowsEx
GetSystemMenu
OffsetRect
GetMenuState
PostThreadMessageA
LoadAcceleratorsW
SetRect
MonitorFromRect
CheckMenuItem
CheckDlgButton
UnloadKeyboardLayout
GetScrollInfo
CloseDesktop
ChildWindowFromPoint
WindowFromPoint
ShowScrollBar
DrawAnimatedRects
CharNextExA
RegisterClassExA
GetCaretPos
LoadImageA
CheckRadioButton

kernel32

HeapUnlock
WaitCommEvent
GetStartupInfoA
ConvertDefaultLocale
lstrlenA
OpenEventA
SetLocalTime
WaitForMultipleObjects
SetThreadExecutionState
IsBadReadPtr
GetFileType
EnumResourceLanguagesA
OpenEventW
DisconnectNamedPipe
LocalAlloc
GetCommConfig
CancelIo
CompareStringW
VirtualProtect
DeleteFileW
lstrcatA
CreatePipe
EnumResourceTypesA
GetModuleFileNameA
FindResourceW
SetThreadContext
GetFileSize
GetVersionExW
GlobalMemoryStatusEx
CreateMailslotW
GetOverlappedResult
SizeofResource
WaitForSingleObjectEx
GetCommModemStatus
MoveFileW
UnmapViewOfFile
CreateThread
GetThreadContext
DeviceIoControl

shlwapi

UrlGetLocationA

Exports

Exports

?HistoryLoggingOn@@YGKDKPAX:O

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdbg
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iplan
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eplan
Size: 512B - Virtual size: 91B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.run
Size: 1024B - Virtual size: 665B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0dat
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ram
Size: - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e61461713c75b64e8cda9cd7fa48512

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdbg Size: 512B - Virtual size: 92B

.data Size: 2KB - Virtual size: 2KB

.iplan Size: 4KB - Virtual size: 4KB

.eplan Size: 512B - Virtual size: 91B

.run Size: 1024B - Virtual size: 665B

.0dat Size: 103KB - Virtual size: 102KB

.ram Size: - Virtual size: 123KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdbg
Size: 512B - Virtual size: 92B

.data
Size: 2KB - Virtual size: 2KB

.iplan
Size: 4KB - Virtual size: 4KB

.eplan
Size: 512B - Virtual size: 91B

.run
Size: 1024B - Virtual size: 665B

.0dat
Size: 103KB - Virtual size: 102KB

.ram
Size: - Virtual size: 123KB

.rsrc
Size: 2KB - Virtual size: 1KB