20ad091d3a260c3d4b4ad87f491441560f8bf8b06fca13976587329467e48d10

Sharing

Copy URL Twitter E-mail

General

Target

20ad091d3a260c3d4b4ad87f491441560f8bf8b06fca13976587329467e48d10
Size

8.0MB
MD5

57a31f5279d5d3efeba8fb3932a91e88
SHA1

317bdf93db3cab25f78928684925325a16981dcf
SHA256

20ad091d3a260c3d4b4ad87f491441560f8bf8b06fca13976587329467e48d10
SHA512

5a810ec8594a5677c119b008a90e2dcdb2cca9384308a0787af228b2cac83ecddcfa65bed2cf690c2680e591e80236e87ae6311590e9fe458242aae9f144af89
SSDEEP

196608:ih64bTqFPe3c4xbT3f5zNQF3N7r4NcKcLcLm1Fml6:iD2te3c47zNoNv4NSKemE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ad091d3a260c3d4b4ad87f491441560f8bf8b06fca13976587329467e48d10

Files

20ad091d3a260c3d4b4ad87f491441560f8bf8b06fca13976587329467e48d10
.exe windows:5 windows x86 arch:x86

029ecdc7ebf4b2a55029badd55461bb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

TabbedTextOutA
CharUpperBuffW

gdi32

SetTextColor

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegEnumValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

ntohl

comdlg32

ChooseColorA

Exports

Exports

�E��m1.��]��(j��#Rʻ�ԣW�3��R��NM�ȃ$��pʏ��Ĳ��)��x�\�#3��894��n��p��z�P�c�E��H� �$�JKO�н��<@,\o6r7̻T�.+ʬ� �� LJv�:�V��x��?c�q��`��h��2د>4�}`�6Rj�� âs��/ȏ��< Ai ��N��/�53��|�N�C� L�M"P07��v1��6��y`�S��ڄ�F#��g�A��EmW��U�<%��WD.�'��:yK[Ûz�`��+g��N~D��aKx�1�� !%��3�_q�0�U�GW�}�I�v�y<Li�Lo�kGq=�� 5m((V��8�c�l˼c��>�[�c��.CHB��-��+��wǽ�� )S�O\�i�_,��!=�.��qK��B}�� ~�l��m{,��3.��4�W��`��GuU�\�t��jޓP�p4�sN�.�V��o�WU\��%}��_��V=;|2)͙S4�U�OIܩ�UP�φk5�03V�2W��@��E��3��w�u ��0�=IU��m�e�}��z5Y܁=�aY��Tߵ�ù��2��5��t��̠8�n:�'��(��V)� �G)�/��:_p6"��Z��3ਲ��}J�"��.�{��n�i�;�e�l�.SѴIwsY�s.�� N� �z��t�D��w�CSI&5j�*��m� �c"$t�8��s��vCU��xζ�`A~��ލ��c$�8��6R�A��t��{�ã��pB:$��g�B��`�룫 .�m��a��7��v,�#�TiK(��#e��S/�)�϶,�##��6�(>�Krv_��I�S��>��>�;Wnvqd��!��O�+��kdı��Ԅl�r��#f��9+�R�K?��B��PT� 0{e�O?U`��-��L��Q,�s��2�ݤ�7T��}��~��4ŢcÀ)�O�� 3�>S4U��h��%��h" �M��bӻ<i��D�Gx(�Tۮ�qJӴ1��j��_�{��Pĥ�)��);�K�Ց��L�$�7�~K��~�7�4�=��f��Q�w6R"��i�.Z��%�Ⱦ&�Aט#��9�H�p�69� h_�`n�[A��0BR��L�w�~_��6)d?�0ʼ^9=`~í'l�+�6e�30`��7$!1@!�fZ��҇�]{��l��'�zF�� o�UN��Fn�VM�w�6��c�� pǑ�Bp�(:�"JYB�qP��LQx��|��6p�B�F3�A5�|��/�S�z�,1�e��%5�%�|��>V��A׏ت`Z�v-��+y��9�)��V��)��j�5��H��U��-�16]N)��s�g"<G��Q�e��9�R<:p�C��G��o��n1��@;�S��YH�սp,N��}��}�� S��9��ȑo�&�O��r,��`E7}��AYN�� !^�Y��o�4��1�ގC[�L&�w�7�g��w�34!-�t}k4R?R�Y _��D'�殷|�7b��{��[�8��J�m��5x%_�,u%�0��w�&�H̽��~p,{.}�@@��3ּ*'��*]t�g&�i��]��+��mr�v<��w�R��_�dw��!9��0��\��*�;?��3 ��Z{@<O��WtzcR��5��%�ː�"��4��<�V�ү�w$Ș�»��O�4y4#�Ꝁ��}��%��CU�V\E{M�A��V`��Yc��K ��W}Y��Ĺ5��S�G�8�tY��=�ȃ��玅�>�� +�`�s�dqJL�Iq�IVR}O��nKk"ʁ1��hv�^�=K�v#K!hd��Ի��f��V�r��Ϯ!��j��9��:u`[F�3�k��t$�?<�5�� m�Q(N��P��vu�� C3��l��g��ڑ9C��k06p�k@�aA"��A �H<"� ŃM��P��:�ջ��'�� QR�<�IMv]N�t�7�Y_��!�ʋ��1��9�\��N�P��;� ��!�� "?��"Q��/u�"�&n��0E�� $��dܘIBQ�\�.B'ù��nr�٠p�B0��њ�c��N.s�Jz�.�!��Z@B� ̢�ק�R��PW5�~��^"r��l?.��\�N�|u��4�8G�o�I�pi�ʆ�72 �xT c�5�ݙ��6�_��-� ��ↄ��zk�Ն�}x�� 7�+ �˔��6��?��x��xs�X�'��߱�u��/��W�=�|��F��o��p�D ~�Oj��E��y$HX?� �K�U�i��;�a��@��[� t�GgK�n�#��On��.��k��II��m&�ٺ^��N3�� h��3̲+�r��?j��H��D�*��lo�X��y��Ҫ��WUXyw~7g��e�0��%��ci�T܉��6��Q�f�C~�Hv�Gj�PI�H0��YR��ֱ��na��UC��a*p(�A]��-�d��0*89��o�%R��*�a�ğ1�.��LM�+�2�U�D��M�֡G+}>i'f�+�<t��ۉ�,2�r�q��d��O�D�UY��G*�\��<R�4�>�G�b]`��z&��N�(`7�!��zYm�3uW�u��D��FQ&�_�'��!P��,�"�3b��~6q%��۪Y�a8y=�*_c�(��Il�I� .��C��,˰);�e"J�Y�=D\��e��5��yҵɃ�p�

Sections

.text
Size: - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0-7
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.[xS
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qL4
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

029ecdc7ebf4b2a55029badd55461bb4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 882KB

.rdata Size: - Virtual size: 105KB

.data Size: - Virtual size: 987KB

.0-7 Size: - Virtual size: 4.7MB

.[xS Size: 4KB - Virtual size: 2KB

.qL4 Size: 8.0MB - Virtual size: 8.0MB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: - Virtual size: 882KB

.rdata
Size: - Virtual size: 105KB

.data
Size: - Virtual size: 987KB

.0-7
Size: - Virtual size: 4.7MB

.[xS
Size: 4KB - Virtual size: 2KB

.qL4
Size: 8.0MB - Virtual size: 8.0MB

.rsrc
Size: 12KB - Virtual size: 8KB