df8f3b3dff9a8760c45d3c44f6ac7daa

Sharing

Copy URL Twitter E-mail

General

Target

df8f3b3dff9a8760c45d3c44f6ac7daa
Size

276KB
MD5

df8f3b3dff9a8760c45d3c44f6ac7daa
SHA1

e26111090eba5339da3183719e65886109e4c0f0
SHA256

19bc27c5da711e6cbb5668e0f930154583fa844acd9ca5f86b522dd2326892bd
SHA512

476910c59f3028e527f3e0b6c7dc4014ee49d0983b5493b2719a44f041e389a3509134b562374dae2b6f508d399e7b42522b84d04c3a0c30ee38804ed19fed11
SSDEEP

6144:cVh4y+OHCqAHp/O4OjiYQQm9XN+fU69e1akId4Ui:cVhJDMHpIjigGXN+fU69e1and4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df8f3b3dff9a8760c45d3c44f6ac7daa

Files

df8f3b3dff9a8760c45d3c44f6ac7daa
.exe windows:4 windows x86 arch:x86

0793604ffb05c2ef47efdbe9dae0462a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Fish\no\Such\people\develop\knew\first.pdb

Imports

user32

GetMessagePos
UpdateWindow
GetClassNameW
GetDC
GetAsyncKeyState
EnumChildWindows
ShowWindow
GetWindowTextW
FindWindowW
GetMessageW
CloseClipboard
EndDialog
OffsetRect
SetCapture
LoadIconW
WindowFromPoint
BeginDeferWindowPos
DeferWindowPos
CreateMenu
UnregisterHotKey
GetPropW
TranslateMessage
RegisterWindowMessageW

msacm32

acmDriverAddW
acmDriverClose
acmStreamUnprepareHeader
acmStreamSize
acmStreamReset
acmStreamPrepareHeader
acmStreamOpen
acmStreamMessage
acmStreamConvert
acmStreamClose
acmMetrics
acmGetVersion
acmFormatTagEnumW
acmFormatTagDetailsW
acmFormatSuggest
acmFormatEnumW
acmFormatDetailsW
acmFormatChooseW
acmFilterTagEnumW
acmFilterTagDetailsW
acmDriverRemove
acmDriverPriority
acmDriverOpen
acmDriverMessage
acmDriverID
acmDriverEnum
acmDriverDetailsW

msvcr71

_except_handler3
_onexit
__dllonexit
gmtime
asctime
clock
localtime
time
calloc
free
malloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalFree
LocalAlloc
GetStartupInfoW
GetModuleHandleA
VirtualProtect
SetTapeParameters
ExpandEnvironmentStringsW
SetFileAttributesW
CreateProcessW
DeleteCriticalSection
CreateFileW
SetEndOfFile
GetFileSize
CloseHandle

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0793604ffb05c2ef47efdbe9dae0462a

Headers

File Characteristics

PDB Paths

Imports

user32

msacm32

msvcr71

kernel32

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 72KB - Virtual size: 150KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 72KB - Virtual size: 150KB

.rsrc
Size: 4KB - Virtual size: 2KB