151f988c7f177924b75afdd0cf550dad95377d39a374f3ff3bbfca56a731eb21

Sharing

Copy URL Twitter E-mail

General

Target

151f988c7f177924b75afdd0cf550dad95377d39a374f3ff3bbfca56a731eb21
Size

44KB
MD5

bb47df1722bd092c3848fa186b8d154b
SHA1

28de9378376660fa962a87d9123032568f441b6c
SHA256

151f988c7f177924b75afdd0cf550dad95377d39a374f3ff3bbfca56a731eb21
SHA512

da639f5a98a26c414ec194e7f32c6b1b7dbe1f8dff796856c6669b0aa196551236acc9bc2a5d0af6f2c3e0bb274c9839447e208ef47c7f31a4b5294b243e6975
SSDEEP

384:42dLIrI5Zkhq/Py6FuH3Qt7V7YU1sE1gF4HRsLJ0FR3q0DibSSMiO56XYD3Hv2:4GLwI5Z//PPrtpkZ4xsL6qpTgoXY3+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
151f988c7f177924b75afdd0cf550dad95377d39a374f3ff3bbfca56a731eb21

Files

151f988c7f177924b75afdd0cf550dad95377d39a374f3ff3bbfca56a731eb21
.exe windows:4 windows x86 arch:x86

630afe5f11faec8956c9b9970b665ce4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord6278
ord4273
ord6654
ord6279
ord4124
ord2755
ord5679
ord823
ord825
ord2910
ord5568
ord3785
ord5706
ord942
ord482
ord3062
ord561
ord3069
ord641
ord2810
ord6136
ord5854
ord535
ord341
ord654
ord6868
ord1165
ord3512
ord861
ord540
ord2606
ord858
ord6874
ord1568
ord541
ord6139
ord538
ord5857
ord800
ord801
ord815
ord2756

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
wcstoul
malloc
free
memchr
_wsplitpath
time
??1type_info@@UAE@XZ
_CxxThrowException
srand
rand
printf
__CxxFrameHandler
wcscmp
_except_handler3

kernel32

GlobalUnlock
GlobalFree
GetCommandLineW
GetModuleHandleW
CloseHandle
CreateFileW
GetLongPathNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
MoveFileExW
GlobalLock
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
lstrlenW
MultiByteToWideChar
InterlockedDecrement
LocalFree
GlobalAlloc
WideCharToMultiByte
Sleep
GetLastError
DeleteFileW
GetTempPathW

winspool.drv

EnumPrintersW
DeletePrinter
ord204
AddPrinterW
ClosePrinter
XcvDataW
DocumentPropertiesW
GetPrinterW
EnumJobsW
EnumPortsW
OpenPrinterW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630afe5f11faec8956c9b9970b665ce4

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B