b23d75964c72e8f0717df64adecd117232aeac50fb37983c501b646ad58baf18

General

Target

b23d75964c72e8f0717df64adecd117232aeac50fb37983c501b646ad58baf18
Size

4.4MB
MD5

53abf083e2a771c38a4ee073d4852ba0
SHA1

82f3a1f31c41f5c2999b8f55dad93f09ebd16410
SHA256

b23d75964c72e8f0717df64adecd117232aeac50fb37983c501b646ad58baf18
SHA512

15e7f4d254fb7a45a28634d5e4c046f4f33db201b94d7e93831f84483e0a077fdc9ca5b5c7cf6df3ebe1426b2e6757427f9c22601703f7c65a5d987e670ec8ca
SSDEEP

49152:NScdiO3Wu/shXLiSjCpL0v4+ngW8TrRWWaTZj3F/+s8KuqGaX0ToIBAUZLY9I3IG:NkThXu1pO4g8Tr4jZuJBAUZLUv1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b23d75964c72e8f0717df64adecd117232aeac50fb37983c501b646ad58baf18

Files

b23d75964c72e8f0717df64adecd117232aeac50fb37983c501b646ad58baf18
.exe windows:4 windows x86 arch:x86

aefd2ba79f4a30d123544d14415dd5f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetProcAddress
GetModuleHandleExA
lstrcpynA
RtlMoveMemory
GetCurrentProcess
ReadProcessMemory
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
GetLocalTime
FreeLibrary
LoadLibraryA
LCMapStringA

msvcrt

atoi
_ftol
??2@YAPAXI@Z
??3@YAXPAX@Z
_atoi64
atof
sprintf
free
malloc
strchr
realloc
modf
memmove
strncmp
__CxxFrameHandler

user32

GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
SetWindowPos
ScreenToClient
GetWindowRect
SetWindowLongA
ShowWindow
GetDlgItem
wsprintfA
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
SendMessageA
GetMessageA
UpdateWindow
CreateDialogIndirectParamA
SetWindowTextA
MessageBoxA

shlwapi

PathFileExistsA

Sections

.text
Size: 896KB - Virtual size: 893KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

xeng
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aefd2ba79f4a30d123544d14415dd5f4

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

shlwapi

Sections

.text Size: 896KB - Virtual size: 893KB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 148KB - Virtual size: 432KB

.rsrc Size: 68KB - Virtual size: 65KB

xeng Size: 380KB - Virtual size: 380KB

.text
Size: 896KB - Virtual size: 893KB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 148KB - Virtual size: 432KB

.rsrc
Size: 68KB - Virtual size: 65KB

xeng
Size: 380KB - Virtual size: 380KB