d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c

Sharing

Copy URL

Twitter E-mail

General

Target

d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c
Size

7.5MB
MD5

fbd3b3d1068a63d0f590b7c648e7d9ac
SHA1

eff889d0af9514940521e5250fda13ab11637844
SHA256

d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c
SHA512

006d71b0735211bac342912fad59b792d58e46b5e5e9fec931ceb66d587fa56f834b18791ea8b18e0f0e09e4eb6af41aa97a1b95c7532490651882277e5d2142
SSDEEP

196608:q6F2SW2A/+B/m0iuFvhsadjS20dNOM/5:L289f5xhsoS20dNDh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c

Files

d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c
.exe windows:6 windows x86 arch:x86

bf6fb07fc1f83968a7095f4b26a31c49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetDesktopWindow

gdi32

CreateDIBitmap

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyExW

shell32

SHGetPathFromIDListA

ole32

GetHGlobalFromStream

oleaut32

SysAllocString

shlwapi

SHDeleteKeyW

winhttp

WinHttpSetTimeouts

version

GetFileVersionInfoW

gdiplus

GdipImageSelectActiveFrame

ws2_32

WSAGetLastError

iphlpapi

GetAdaptersAddresses

netapi32

NetApiBufferFree

setupapi

SetupDiEnumDeviceInfo

dbghelp

MakeSureDirectoryPathExists

imm32

ImmCreateContext

usp10

ScriptShape

opengl32

wglGetCurrentContext

Sections

.text
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

. g&
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.alc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.}Go
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf6fb07fc1f83968a7095f4b26a31c49

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

version

gdiplus

ws2_32

iphlpapi

netapi32

setupapi

dbghelp

imm32

usp10

opengl32

Sections

.text Size: - Virtual size: 3.5MB

.rdata Size: - Virtual size: 844KB

.data Size: - Virtual size: 190KB

.gfids Size: - Virtual size: 5KB

.tls Size: - Virtual size: 37B

. g& Size: - Virtual size: 2.7MB

.alc Size: 3KB - Virtual size: 3KB

.}Go Size: 7.4MB - Virtual size: 7.4MB

.rsrc Size: 137KB - Virtual size: 137KB

.text
Size: - Virtual size: 3.5MB

.rdata
Size: - Virtual size: 844KB

.data
Size: - Virtual size: 190KB

.gfids
Size: - Virtual size: 5KB

.tls
Size: - Virtual size: 37B

. g&
Size: - Virtual size: 2.7MB

.alc
Size: 3KB - Virtual size: 3KB

.}Go
Size: 7.4MB - Virtual size: 7.4MB

.rsrc
Size: 137KB - Virtual size: 137KB