61094b6ec4ebbaa7387460feb319457bf6b4c7ee3abec7756cca1e2641b2f381

Sharing

Copy URL Twitter E-mail

General

Target

61094b6ec4ebbaa7387460feb319457bf6b4c7ee3abec7756cca1e2641b2f381
Size

6.2MB
MD5

e8deac62c54ebbf988573da0fc3115c6
SHA1

30c03036134924604b3d70377026759d4e086b38
SHA256

61094b6ec4ebbaa7387460feb319457bf6b4c7ee3abec7756cca1e2641b2f381
SHA512

0a013f330e161e36a4631eb585557194a62d13f73c420a2d5c342354196e6c78553f0be68e513af18ef548e636a83df346a6ffc04a08d0cb7ecbfc0a76fb870b
SSDEEP

196608:mlrbmKV25hLNTBLCm6TXyyYALS0Zg+NGOWRyR0b7LP:aVV25/B50INwRR0zP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61094b6ec4ebbaa7387460feb319457bf6b4c7ee3abec7756cca1e2641b2f381

Files

61094b6ec4ebbaa7387460feb319457bf6b4c7ee3abec7756cca1e2641b2f381
.exe windows:5 windows x86 arch:x86

0f42032986fe0b9fa33716ca3329afb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
VirtualFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnumWindows

gdi32

SetBkMode

msimg32

TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegDeleteKeyA

shell32

ShellExecuteA

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA

ole32

IsAccelerator

oleaut32

SafeArrayDestroy

oledlg

ord8

gdiplus

GdipGetImagePaletteSize

psapi

EnumProcessModules

ws2_32

recv

oleacc

AccessibleObjectFromWindow

imm32

ImmGetContext

winmm

PlaySoundA

Exports

Exports

�h-1�f]��h.G��pZS��S@^U�uO��NV`�l��gRi hnԬ��S�u��+O ��e�"��#�S'}k�j%PH��Nt�J` �ZL��+$��<� ȝ��2pD�D}2� �ˤO�+_�le��/A��Ldll2��*��b�"l�A��X��Y�6��\05�i�O�!��9�01 &�]��YǗ�*#��ؽ�5��H��l�Z��}��R�HH1��-�{�m!��؊�ȕ��@"��b�#�.�/C�y��i�xv�7&�i�ag��E��G�^v��G��eD��3��pl�� Wmn[m��7��Y7�gܪ#��k_><�HT<s��¶*�g�@a��q��9��HU��)d�Yw�d��`�X��'�P��&��Ն�ρ�ua �l�P仹&�q��\�{ܚ1��r��]}\뉅Fc��(+Λ��Q�,��E�5��oY8�c]� ^؆f浠Հ̓d�� (`��6�`��+)��1�P>#��?u��o�U�7��G*-u`��}��# �˹��C�J��v՗$� �\��_f��Fڃ��J��+W\ȱc��N�l��T�`[�0/jd<Rf�jh�*��Q��I��"0��6V)fdp��Sɥh�޷`.}�x��o�X�3P�F<�XV(�k7D�t� �GGa��j�>��s��%L��<j�`�^+��ƽPH��L��/��q�p뭧Q�Q&�5Qu< +�\�\��/�"%nQ䥘��~�ǥ��/��*��*-��/L��5��Eв+Yb�W-�q(�W��<��D{B��sUCA��r9Q��1*�NW�ǧ�!oI�&C��%��Y��# �,֮/`+�$��B6괪�T� }��3�[��i�ʄ��p��c��"�_݆��\$Wj�E��~��q��bϤ�;��LI��4 ��h��굯�TYD��$DQ��Z��R��Mz=?4Z~��K�p��&Ď {�,.�cv�F��`%��b.� ��[��U~x�^b��m�Ȑ��|0x�H2Rt>QUt�)?��_�3E�];��A�߀ri��x,>�2,��c��!6� B�_�|**}�X4w�L9G�5��4�Te'#�e�(��|�I� h��T{�LG�s\:nw��!偾T�&��vL�bh�� f��]RjĨ�&4k��P5�N�� !S�LO*jS�J&N�xld�G�r�(~?��wv��̀ɺy �xôq�:j�6`��x%@O ��>�=礊<PF�J��|��h6�=�ⴜl��_�h�+M��2�U�O��l�5�^Uo��x�c�U�b�ƣtQ9�3�B�|��Es�`��M�9ˠsx�� Ȗ��Y�\��8��O䇚��ddu3R��u�oI��wLm�j��P��aA8(u�wE�)Bb;��<Q�iG�czeeh�ܼ4��İ\�7�H�%�-��s٫��ڇK��p ;n�Q�2aP��t��:%)�?�Y؞7i�j��r��<^W�v��z��׻�E�R1�c�NH3f�<W��U��3E��䶭2�� FJ�_zX�,"�� ʤ�E/�'R��f�!��Ƃi�t�� ֯��Х�7��q��eq��U�5��]4��$�}�I�l��]��Aɽ�$��~�S�3:<j[��e��R�=,z��Gc��R�� -]��(��)G��d߼l�-"˲YN�I&��M&�=U��i �`~F�ux��#�,v>��Iyz?*�L�Ƒ��Jt��޵�vK��/��ټ�N� 8��B�!��~̈́Yd��f�;��Rc/>>��(��3Ms&z�}H��(;��C��&�y*��9��|�� ^P��T��W�5��&Q�g>�/��ka��FL��/�!�<��ٲl�β��T_�s�r�x��e�͟?��0�©��'�O<*��A:�;[��\��;u+�rE ��ʓ��m�&8�+7Zzڷ��3��k��g~+� X�iv79 a��0 ��nl��C$H�2'��gZ哌��Sk]��X�ͩ� 拨��g�31Y�1�Y��UѬ�v�7��"�K'�m^`�4r�)d�ߵ��K�h|q�S�&�a�ݩ��F ��]wst�3F�E��G3�G��N��1�`&��:��n��|��I�� M}�� yXQ�l��qUs\�ۅ��6O��c��ʽ ��ޠ�/Ն1Q�p<�X�� C��f��(�e=��(N_f{� ��.w��w�waI�?J��iVۅUdPL֖��V:�4L��u9l� GA�<}"C ��]�Ú��}��tq4�R\��ur�?�b0'H7x�DJ��-�x��x�v8^<F-W%�*woB�e��o�B ��g��PXg��'(۸Q�Q��_��1Y� Y��iK7� ̫��)�?[!jÂ��U\��z��p�AO8�ge��ri��yT��S��V�-��Y��f\v{a�O1g�D{�g��$1��Y��j� ��]��f��:V�5��L7'��1�Ɯ4�~z�Yߣp�y�ʐ�)�r��p��ni�f��-�Ŭ?��y8�FFf�]o3�C�"Ԧs��0�2�`��Io�M�;POGM|F��`�%��3��}�Ȣ��K}ꋁ��I��l�U_9�,��ɣk|Գ�h�ࡽ�ZĐ)]��7�+��ߙ��cB��æEu;ʰB�ވ(�4�z��x=��S��h�ʐ��x� (�rV[}B#1�Bh��x|Ck�^a.S�H-�r�'��ԌJQ�X�reگ �f�n��6|x��ހ�4�?ޅ�[��9�~�"z��H4CJ�ȭ�:��!��*��]}�] �JR��'��2�Qhm��(�>��UَF��n��R�4~

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.omg0
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.omg1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f42032986fe0b9fa33716ca3329afb4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

psapi

ws2_32

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 316KB

.data Size: - Virtual size: 54KB

.omg0 Size: - Virtual size: 5.0MB

.tls Size: 512B - Virtual size: 24B

.omg1 Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 512B - Virtual size: 388B

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 316KB

.data
Size: - Virtual size: 54KB

.omg0
Size: - Virtual size: 5.0MB

.tls
Size: 512B - Virtual size: 24B

.omg1
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 512B - Virtual size: 388B

.rsrc
Size: 68KB - Virtual size: 67KB