df3b9470bd60cbb9efd8cce928b4100f1b8f5979ee459032369e9d1c1ac287d4

Sharing

Copy URL Twitter E-mail

General

Target

df3b9470bd60cbb9efd8cce928b4100f1b8f5979ee459032369e9d1c1ac287d4
Size

1.7MB
MD5

55e1392827f787baa787e434947d7281
SHA1

b291ee748455d15d6e54cc96593304a48dfd9559
SHA256

df3b9470bd60cbb9efd8cce928b4100f1b8f5979ee459032369e9d1c1ac287d4
SHA512

511bee751aee9bb373b6c845ea6790fb53dcea6af7d9b8c4b47e27d6cfd403f17a4b15544e88d2c328344f585dcc5632aec76c8065e63bdb8cf67d980dbec315
SSDEEP

24576:K+fk8+oRNmVEmk/l194NWWNdpdibp+8VR19/pyTFR:Kgk8+bS8ZOl+8V+D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df3b9470bd60cbb9efd8cce928b4100f1b8f5979ee459032369e9d1c1ac287d4

Files

df3b9470bd60cbb9efd8cce928b4100f1b8f5979ee459032369e9d1c1ac287d4
.exe windows:4 windows x86 arch:x86

f360e1a304b5985cc1d5bf66fc7a6261

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetModuleFileNameA
LoadLibraryA
GetStringTypeA
LCMapStringW
GetProcAddress
FreeLibrary
VirtualProtect
GetLastError
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
GetStringTypeW
LoadLibraryW
IsBadCodePtr
lstrcpyn
OpenMutexA
CreateMutexA
OpenProcess
LocalAlloc
LocalFree
CloseHandle
lstrcpynA
RtlMoveMemory

user32

MessageBoxA
FindWindowA
SetParent
IsWindowVisible
ShowWindowAsync
MoveWindow
SetFocus
GetFocus
SetWindowPos
CreateWindowExA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidA

ole32

CoInitialize
CoUninitialize

shlwapi

StrCmpLogicalW

msvcrt

strlen

ntdll

NtQueryInformationProcess

shell32

SHAppBarMessage

atl

AtlAxWinInit
AtlAxGetControl

Sections

.text
Size: 904KB - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 688KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f360e1a304b5985cc1d5bf66fc7a6261

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

msvcrt

ntdll

shell32

atl

Sections

.text Size: 904KB - Virtual size: 903KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 688KB - Virtual size: 685KB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: 904KB - Virtual size: 903KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 688KB - Virtual size: 685KB

.rsrc
Size: 68KB - Virtual size: 67KB