356eb0bc8f0f738f51dfae1a5b41190a769843d3bae805c011f0b217577faa70

Sharing

Copy URL Twitter E-mail

General

Target

356eb0bc8f0f738f51dfae1a5b41190a769843d3bae805c011f0b217577faa70
Size

1.9MB
MD5

3818a412ff1fdf6f52b336b2e81c08b3
SHA1

15e3e15965856e0e1465c62e6a95a2d94fc676c1
SHA256

356eb0bc8f0f738f51dfae1a5b41190a769843d3bae805c011f0b217577faa70
SHA512

0c6bb49870545ef3b57df95f4c724dd25f195a63243ab9b346daeb6223f207462a6ed73ec5b7ecdd3eb1eb2f43f230ccc41ca3eee221aac62e8ec0846ecbc349
SSDEEP

49152:cqMbUp1BPOo8FjxmRpZhWuEIkPSWm+6INeshLuUud7Bc:cq0Upj9oERXIuVgSWmSNvxpux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
356eb0bc8f0f738f51dfae1a5b41190a769843d3bae805c011f0b217577faa70

Files

356eb0bc8f0f738f51dfae1a5b41190a769843d3bae805c011f0b217577faa70
.exe windows:5 windows x86 arch:x86

13b262e2e889bed607636bd848be9ec5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysReAllocStringLen

advapi32

RegQueryValueExA

user32

DestroyCursor

kernel32

QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

GetDeviceCaps

version

VerQueryValueA

comctl32

ImageList_Draw

shell32

ShellExecuteA

ntdll

ZwShutdownSystem

Exports

Exports

Y-{��0��+�'g��4�:W��":Ԭ�XDB �.�툵4�[�~,�^�5�B�P� z"X5Y��1 I��ݒ�H�j�j�!�.��-2��y� h�<��/$�]&�q��0��z��]J �A�28&W��rBqr�뷊��͉6��Z��n@�s�fy��zE%��j�� %�Mp+��r�� R�@�4,��=}�#��L ,�4J�H��C��fhȝ<I�Ő� t`��b��{��_�k�0�}�XG{��u=�� >�m��x�XŤi\�Vr��gF��"q�.p��5jM�96��U��!��u7t�1��l�s*q��E��vg��n��%Z��Й��$�kJ��9Z�g�� Z�#9�>G��\��T��O�� Y�ͷ��sYl�G^��#2Ɣg!�&Z<R�~?�v]�ݴ�8joO�8T��0"�/�9��CX��Q��)��6؃'��}�u�$��ô{b�mjZWQ��kH��4�T��m�H��B��V�;a��䍓��=s1�e�#��۷on�0��h��i�i0��l��ə͎�+�Āh�Έ��ų<��5�%�@=��ÝⓂ�M2��i��[`�M�#`��R^U{��l-��J�wE�Ş�� >c��G��荤'X@��d��Y��,Q��]y�h�_sH �/��4z�5G=S��_�$z��_X��\$$V��/��q*T�ܽA��%�wM�+2��=�ʿ��7�*�C�˚}6v��'i�U��q�Cϟ��]��ȼ��HMg�\��g�s��ނTiN`��H��!�U]��Q`�Mn^�=Vf,��һ��m{)h��݉�W�\��{�ԇ�L/�w�"g�+�w��F�7c��D��)��t�8��/�Q`��u̡�&g!��^)�nY*�`C}��7�˜��x�z.�RE�@7 }�z'<qd�ч�/(0�r�:j8��g��W��)[��je2]��>� H�.�� Esn�D`�Voˣ� ��&��n8�h2�~��?2�"a!�7u��u3�_�+;5��.ν�� qESy��%��"��o��W��W��T9�7�DO�t�V��OM�9-R4��C��Ѐ�V��Y��^��I��(��6"��^�y�&��R�B �Z�vE��h��5��Ԛ)5��)�]�@��<��*n�n�Ep��M��;��>949�q�"��xiD;��S-��2߲M��}��Em��H��5�< ��P��M��{= .�[��1eZ�A��nad_��/��]��<��z*��I�#J�ryZΈH@��/�a�Y23�9��=7R�T/~$��} n��/3��3�4Z�YՖ1�Bɣ>�I��sX��B��V�v��ⷂ�e�.{W(�Ӭ~g�)q��A�;�HP/L��t}��j\�j+�k9hv�0<7ĩ��t97��R��N]:X� 0k��$�%[�C�C��2��հ��g�N��u��Ս� �6�&�(t�@�pU=�+�G_�g�MM��{��L7��Ga�US�=RBUyQ�څL��eA;T��R�>y�j�ȑ�:qQ�,�� T�W-'$�c��͉�f?[�h28ꩤa�ŢϽ��ı:�5��W�a��Xi�(�S7�\v��P%��wӋ8�t�bS��}�G�)�i�"�5�;��TJ �'V�S��v�s�˫icr~��tvXK� Y��_e�9�i��M�&>��r2]1�7�al�sn�U�~��v_��9Z-��T4GT��}X��y��Wʔ��Bv��2��i��9��9pݮ�k ��qu�eT-3��)��Lcr1�GQ��s׻�N��h��;B��q#. ��-- �o�]|��Q��uڨp��S�뱐`a��|��>ۓ�C��I��Q`qe+,��n��~�o�>��0��=R�c��#V��va�vw��v;4h��Ǫ��=��e�dw�) YR�QsK�j�o�5��-z��ߏI��Ѹ�;��%�L�A��6��ny��m�^Zѫ>��>��A��/Q��(h�SЋ��v��(L��c*�4:��J�*T#��8T$��?�hL��1 ڬ� S��`�"Xꘜ��CL�t� z��;c�M0Z� �-��(�졨�\3��W��LS�f�X��F�V0rM4I߳�_��5��W��M��E�N��?(��'�#��r۬�K�UY�@��C�j�c��r�k��f��X��>6��56��" ��j)�=|�,��_~ΣN�ߎl�(~o4��s�e:�㗲�5��:�V��Q�-��ڌ&��=0�� S��A ��a]S.��V=.ܞzE�{7%�w(�槵]و8�n��e(��5��gOZ�`$8��?3n/D�� _[�j�_F�� \*<��ē�3�� 峭�$O�6շH��I�0_��PHчL��Z�+�|a��N �S&�ۥ��DnU�-G�?�� #�b}�}d�v��h)��I�bδ-{�\Տ=� ��Ue8lbp�'h�6��~.�x�vPXb!|PO�E?��IL�N�lwڒ 9�� `�#��[�s��2}#�uX��G��I��[+�p2f2�]�e*$��q�� e%�.t:Y��A��ͺ��D��p�Գ��N�E:]��|x͑cGpN$�5[A��C��Է7?.^��;�+A'?׬+E��iE�.��@08_��|�<!I�^ya�(\eFhA�c}-V��9�nD��x,��[�)<��\��H.��B�[ma��2'��A 4G�mᴇ~��u'�Y�~w�{�&

Sections

.text
Size: - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dfw0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dfw1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13b262e2e889bed607636bd848be9ec5

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

comctl32

shell32

ntdll

Exports

Exports

Sections

.text Size: - Virtual size: 358KB

.itext Size: - Virtual size: 1KB

.data Size: - Virtual size: 6KB

.bss Size: - Virtual size: 19KB

.idata Size: - Virtual size: 10KB

.tls Size: - Virtual size: 56B

.rdata Size: - Virtual size: 24B

.dfw0 Size: - Virtual size: 1.5MB

.dfw1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 512B - Virtual size: 304B

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: - Virtual size: 358KB

.itext
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 6KB

.bss
Size: - Virtual size: 19KB

.idata
Size: - Virtual size: 10KB

.tls
Size: - Virtual size: 56B

.rdata
Size: - Virtual size: 24B

.dfw0
Size: - Virtual size: 1.5MB

.dfw1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 512B - Virtual size: 304B

.rsrc
Size: 5KB - Virtual size: 4KB