09b6120767aa7c5c0af9b86178cedfb492409c0a347837e0f543656911ab911e

Sharing

Copy URL Twitter E-mail

General

Target

09b6120767aa7c5c0af9b86178cedfb492409c0a347837e0f543656911ab911e
Size

69KB
MD5

6319cd4f40633d91287b0b1ba8e15724
SHA1

626b2fd1618d4990e0befeee878a725d150ea1cd
SHA256

09b6120767aa7c5c0af9b86178cedfb492409c0a347837e0f543656911ab911e
SHA512

e8efba25b4f854549916b5271e9c74239ba253c61e38fc1d6d2488650221c85f1b0634624b0d90a4c740d02dd6b970239d18a7c52c185f9003f9ce3d0d2deeae
SSDEEP

1536:A3LG97rsKHqcPPrxCDd/wwJ0QMC8Wm7WgTBH:Ab+PDFY/wwJ0QMC8WeWgTBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09b6120767aa7c5c0af9b86178cedfb492409c0a347837e0f543656911ab911e

Files

09b6120767aa7c5c0af9b86178cedfb492409c0a347837e0f543656911ab911e
.exe windows:5 windows x86 arch:x86

18f684eaf61f7abed9c69cf87b1b3ffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemLocalesA
GetConsoleOutputCP
GetStdHandle
GetLastError
GetProcAddress
VirtualAlloc
DisableThreadLibraryCalls
VirtualAllocEx
LoadLibraryA
LocalAlloc
CreateFileMappingW
LockResource
DeviceIoControl
GetModuleFileNameA
DebugSetProcessKillOnExit
GetModuleHandleA
IsDebuggerPresent
GetStringTypeW
CompareStringA
LocalSize
DeleteFileW
LocalFree
GlobalReAlloc
WriteProcessMemory
ResumeThread
DeleteFileA
CreateThread
GetStringTypeA
LCMapStringW
MultiByteToWideChar
DecodeSystemPointer
HeapSize
RtlUnwind
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetACP
CompareStringW
ReadFile
CreateProcessA
LocalReAlloc
lstrcpynW
SizeofResource
GetConsoleMode
GlobalAlloc
LCMapStringA
GetConsoleCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FormatMessageA
GetProcessHeap
GetCurrentThread
GetModuleHandleW
HeapFree
FreeEnvironmentStringsA
LoadResource
FreeLibrary
SetThreadContext
FindResourceA
GetThreadContext
GetCommandLineW
GetLocaleInfoA
ExitProcess
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
Sleep
WriteFile

user32

MoveWindow
GetWindowThreadProcessId
GetDialogBaseUnits
DestroyWindow
GetMessageA
GetSystemMenu
GetMessageW
IsChild
LoadImageW
KillTimer
MsgWaitForMultipleObjects
IsZoomed
GetSubMenu
LoadStringA
DeleteMenu
GetFocus
IsClipboardFormatAvailable
LoadIconA
MessageBeep
GetClientRect
GetMenuCheckMarkDimensions
GetDC
LoadAcceleratorsW
GetKeyboardLayout
GetClipboardData
ReleaseDC
CharUpperW
GetSysColor
CheckDlgButton
CreateDialogParamW
AppendMenuA
GetMenuItemCount
OpenClipboard
MessageBoxW
ReleaseCapture
MapWindowPoints
DialogBoxIndirectParamA
FindWindowA
LoadCursorA
DialogBoxParamA
GetProcessDefaultLayout
RegisterWindowMessageW

gdi32

GetTextExtentPoint32W
GetTextMetricsW
GetTextExtentPoint32A
LPtoDP
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetTextFaceW
CreateSolidBrush
EndPage

winspool.drv

ClosePrinter
GetPrinterDriverW

comdlg32

GetSaveFileNameW
ReplaceTextW
FindTextA
ChooseFontW
PrintDlgExW

advapi32

RegOpenKeyA
ControlService
RegDeleteKeyA
RegQueryValueExW
RegSetValueExA
IsTextUnicode
RegSetValueExW

shell32

CommandLineToArgvW
DragQueryFileW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18f684eaf61f7abed9c69cf87b1b3ffb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 7KB - Virtual size: 6KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 7KB - Virtual size: 6KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB