71c1e63c4756a6fff4a2952def094e49c21d0f25b101a9e5e73f4037f38a2c27

Sharing

Copy URL

Twitter E-mail

General

Target

71c1e63c4756a6fff4a2952def094e49c21d0f25b101a9e5e73f4037f38a2c27
Size

288KB
MD5

0539760ab4be230c3f3ef7044e779e96
SHA1

cc47da74523b8fd4a1b05a884ae2f1225b78b7ea
SHA256

71c1e63c4756a6fff4a2952def094e49c21d0f25b101a9e5e73f4037f38a2c27
SHA512

a03f874d4c197bcbc94bd5ff0e8e10e2584c571650ec88a48a26b60104631fb750ff97c7abaa8e78fd04783f9923fa9a4b793734f990a98ca46b1f25f2b933e3
SSDEEP

6144:ru++eWH9AjKEXdiJcWitl1Y+PwCOqetlLpBgTMQWDKOvTnBrnh14QVAy/mmu+:6++TCjfd6cRjy+PVStnBgTXWDKO9rhOy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71c1e63c4756a6fff4a2952def094e49c21d0f25b101a9e5e73f4037f38a2c27

Files

71c1e63c4756a6fff4a2952def094e49c21d0f25b101a9e5e73f4037f38a2c27
.exe windows:4 windows x86 arch:x86

c26558f381530a29a30ce9d2afd5cae1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseColorW
ChooseFontA
ReplaceTextA
GetSaveFileNameA
PageSetupDlgA
GetOpenFileNameW
ReplaceTextW

gdi32

ExtTextOutW

advapi32

RegConnectRegistryW
CryptGetHashParam

shell32

RealShellExecuteExA
FreeIconList
ShellAboutW
ShellExecuteExW
ShellExecuteEx
SHAppBarMessage
SheGetDirA
SHGetFileInfo
RealShellExecuteExW
FindExecutableW
SHAddToRecentDocs
SHGetPathFromIDListW
ShellAboutA
SHQueryRecycleBinA
DragQueryPoint
RealShellExecuteW
SHQueryRecycleBinW
SHUpdateRecycleBinIcon

kernel32

GetStartupInfoA
GetStdHandle
GetLastError
GetOEMCP
HeapDestroy
GetTimeZoneInformation
GetAtomNameA
IsValidLocale
GetProcessHeap
GetModuleHandleA
GetTickCount
SetConsoleCtrlHandler
GetFileType
LocalUnlock
GetCommandLineA
UnhandledExceptionFilter
GetACP
LeaveCriticalSection
HeapSize
CommConfigDialogA
GetTimeFormatA
LoadLibraryA
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetDateFormatA
GetCurrentThreadId
ResumeThread
Sleep
GetCurrentProcessId
GetUserDefaultLangID
TlsGetValue
InterlockedDecrement
MultiByteToWideChar
GetCurrentProcess
GetCPInfo
GetVersion
RtlUnwind
IsBadWritePtr
TerminateProcess
HeapAlloc
TlsAlloc
DeleteCriticalSection
VirtualAlloc
lstrcatA
EnterCriticalSection
WideCharToMultiByte
HeapCreate
InterlockedIncrement
FreeEnvironmentStringsW
GetSystemDirectoryA
FreeLibrary
SetUnhandledExceptionFilter
InterlockedExchange
SetHandleCount
HeapReAlloc
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
IsValidCodePage
VirtualQuery
GetStringTypeA
EnumSystemLocalesA
VirtualFree
GetConsoleCursorInfo
FlushFileBuffers
GetStringTypeW
GetShortPathNameW
CreateDirectoryExW
QueryPerformanceCounter
ExitProcess
IsDebuggerPresent
SetEnvironmentVariableA
CompareStringW
HeapFree
GetLocaleInfoW
GetVersionExA
WriteFile
GlobalLock
LCMapStringA
EnumCalendarInfoA
LCMapStringW
GetLocaleInfoA
GetCurrentThread
GetEnvironmentStrings
CompareStringA
GetUserDefaultLCID
GetPrivateProfileStringA
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
FindClose
SetLastError

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c26558f381530a29a30ce9d2afd5cae1

Headers

File Characteristics

Imports

comdlg32

gdi32

advapi32

shell32

kernel32

Sections

.text Size: 139KB - Virtual size: 139KB

.data Size: 139KB - Virtual size: 138KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 139KB - Virtual size: 139KB

.data
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 9KB - Virtual size: 8KB