7e032a7cbd0c79772445c74e5363690d3163261e5c61f18550379215c53bf6d8

Sharing

Copy URL Twitter E-mail

General

Target

7e032a7cbd0c79772445c74e5363690d3163261e5c61f18550379215c53bf6d8
Size

703KB
MD5

2b078827412ebac58850a2de1efafbbb
SHA1

76a2af936545558d3da0dd5aaf6cede797eb2636
SHA256

7e032a7cbd0c79772445c74e5363690d3163261e5c61f18550379215c53bf6d8
SHA512

ead8b0b1204b2b247e8e7036387222712caaeb09871f695e5b7f07f1bf3f780d50453ffa2573f30176b795a43b96d885dee8191ef6d9404d0dae55ba502f036d
SSDEEP

12288:xOMSdZQFrlnybqL5tml0aTcMjN12xdUb6pSsFQHNP51lK9+Prapve43kT:xOMSdyZl11tmlNQ2OnBdFQtP51llPupY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e032a7cbd0c79772445c74e5363690d3163261e5c61f18550379215c53bf6d8

Files

7e032a7cbd0c79772445c74e5363690d3163261e5c61f18550379215c53bf6d8
.exe windows:10 windows x86 arch:x86

2df29d0736b8a2a1fcce9f4f1b61f32a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msidb.pdb

Imports

kernel32

WriteFile
FindNextFileA
FindResourceA
lstrlenA
FindClose
GetCurrentDirectoryA
MultiByteToWideChar
GetLastError
GetFileAttributesA
CreateFileA
LockResource
CloseHandle
LoadResource
GetProcAddress
GetModuleHandleW
GetFileType
FlushFileBuffers
GetStdHandle
VirtualQuery
GetSystemInfo
WriteConsoleW
SetStdHandle
LCMapStringW
GetStringTypeW
SetFilePointer
GetConsoleMode
GetConsoleCP
RaiseException
FindFirstFileA
CreateFileW
SizeofResource
VirtualAlloc
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
Sleep
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
HeapAlloc
VirtualProtect
EncodePointer
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineA
GetStartupInfoW
GetVersionExW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
LoadLibraryExW
GetModuleFileNameA
HeapCreate
HeapFree
VirtualFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
QueryPerformanceCounter

user32

SendDlgItemMessageA
MessageBoxA
IsDialogMessageA
ShowWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
LoadStringA
DestroyWindow
GetMessageA
GetDlgItem
PeekMessageA
EnableWindow
PostMessageA
CreateDialogParamA

ole32

CoUninitialize
StgOpenStorage
StgCreateDocfile
CoInitialize

comdlg32

GetOpenFileNameA
GetSaveFileNameA

msi

ord48
ord8
ord160
ord158
ord20
ord21
ord29
ord164
ord77
ord170
ord91
ord31
ord124
ord18
ord117
ord163
ord27
ord120
ord119
ord122
ord159
ord17

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2df29d0736b8a2a1fcce9f4f1b61f32a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

comdlg32

msi

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 3KB - Virtual size: 9KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 3KB - Virtual size: 9KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 568KB - Virtual size: 572KB