e194bbd8487306307580e17f596aa9582f789a4332d08aff0c480fd62eb4054b

Sharing

Copy URL

Twitter E-mail

General

Target

e194bbd8487306307580e17f596aa9582f789a4332d08aff0c480fd62eb4054b
Size

10.2MB
MD5

cf694677c805e8940fd87b70ad9cc6d4
SHA1

bddac4baccb2213ce5d4ab3015a00c860690d5db
SHA256

e194bbd8487306307580e17f596aa9582f789a4332d08aff0c480fd62eb4054b
SHA512

fd8dfa772511baa974203edfd7168cee8cf3223ac899357c852b6bf10c721a4353dcc9c2e30f334a32643cf6a64e883934f9c319446af07caf34dc06cd50eab7
SSDEEP

196608:H+XQBM45CF6XHplJhG/L4KFFVGId7vARSPlIskHx:x/XJl2L7LGe74sPlmHx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e194bbd8487306307580e17f596aa9582f789a4332d08aff0c480fd62eb4054b

Files

e194bbd8487306307580e17f596aa9582f789a4332d08aff0c480fd62eb4054b
.exe windows:5 windows x86 arch:x86

cc793cd32601f6e7dfa783bae1bca597

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader

ws2_32

WSACleanup

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowRgn
CharUpperBuffW

gdi32

ExtSelectClipRgn

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ImageList_GetIcon

comdlg32

ChooseFontA

Exports

Exports

�C��D�"�U'��+��I.�h��M��bG'��ޑ�e��e�^�/��]�2��$��2:��Ӑ��JJ�Jhv�/�+�x&��%VI4�*�J=�=J#�]�}�T%WR�� C*+6.��#C�x};|��4��a��nl v}�o��ܨe�%��rn|i�A��Ĝv�e 4��$�nĭu�jK�1��\�·:�zd��C�s@ܼ��K��g�P��:L�>z�p��o[(3CZ� Wp�s��)?&��K��`�K`�J�&!(��[��Q�|�Az�E��9�cp�u�Vj)�/�sYJ��eU 6��;pN"@�TM7ªz�<�y�$��j��y��-��a�?�^�s҃�f�Wq�0Pa��}��޹%#�(�C[�)��Hg�O۱h�TRŀ��+��V��9 ��P;-��}��_Mq�iAB�V��I.�ۑ%)3FR��+@�4ʇ�|�D�p�j�`�jar?��K��E.A�+�xs�K b�l��+�P��o�ڜ<�@uq�D�x��k�@�C4��ܸ�KY�~~�v-��kx*/�~M��3xj�h�U��O�xoW�Hľ�˔Z�>�~E�ms�+O�L9<��|��^��Z��8�۵��Z&v̗!��:/�r(gf�LW��c�k+�g[7`4s�V��㢭9=�r��k��(��3�qa��{�V�?K��4��@�I�1�#��U<��~��z��vu�{��ΘolG��Җ��ݭ��*+��MsK��V�$��%��6�x�9G��`�� >��s�L��R^y�ݲ��"&��\�зk��%��'K��SL��o��iQO!�YFQ̑N��t�4 �0��hbf�sP�D��⻰��?߱?e<lO��P&"��v$]w��:z�Z�Ө@gK#��8�<R^\��r��w:3~�D��G�Ĝ΍�Nj�Q�;��֗�E��r� �F�+�z>�+��Iz��ʉ�� b-6��X{ ��9��@D)��1`f��|�G�MՊ�#�k�Q�`��?/]��@=oǇ�9ܳ�-o6�ʷ��5�3 �I��w�zF��M�긂��i�H��N9�$<��8>��)]\ϟ��m��Z�M��X-_�n� ��O�Ҟ�G��DxU�mok�m��h��/�%"��>�ɪL �6��s��WfNL(� ��!�j��S��.|�O+� j�KT�� 5��*U�qB�Y~�WxV!MlУgkPƶ��'<ָ��[u��o�7�͑�勐?��(��Ư@yՌ��ujS:t�Z8��~C��o5ޑE?]��G<f��k��:JdB@c<[依��dKb��я��^!ʥW�q٬˷�iwv��]��L̨�� X�?L��E�A�T�bB%�I^j�ؕ�%ٕ#{� �_"��?��w2˰�p�H��YѮ��}k�n�E��ˢJ7��˨FB-�N�kc�'t�C"ė�0 ~:z�kJG/��?2�jWV!T�n�r�M�@D��$��:��qA�Z)܃��?��Ə��sٴ��ti~�Rⷾ�/�7��[��*;'[,G��s�X��>j�ظrcw�Ews��d��y}��<�$�Wt@�M��௥4��uٔ�CE��e�tA-{��7OUN-g��i��~�d�;��:9�!CI��Q�h�C �рg`E*�&1�|I�l��n]��ѭ)�^'�a��Є �Y+�0��b\�Xd!��x�W.އ�^�=��ti�k;sY1��N��ű,�Mp|R��NF_-��9�É��B��g��+��"��Am\;U_M��7��޽Lg��g+��P�^BErL�b,��$WG2�;�M�4nP�YZ�{��\�L� ?q��Sߺy�w��3,#K`M��2��<��4�c�z�� a�Ѻ`=6��-�4&� ��?�=�Ŝ�um -{B\b��d�"d p7E(�]��n8v�j�B�uwDY��ج[B�N:^�q4"Q_��j|�S��ˁ4sp�'�Wq�nǲ6��S�I��|8��ÐD��,��"1oClQf룢��]�_�cg��z�)+jq��@Y$��P�h�0^ፊ�۴h�x��,�y��jp��c£�vp'��[~�� M�?�,��|X��x'l��Fc,=�C��X� ��tf��g�\W{x�E�B�0��wnt��Eژ�I�{��%��/�4Q�[n|'�˔��r�Ec��&�Ua�PZ��-��-��aH��÷,n�HW��m�E|~�u*�>��]kfI��2�[)l��|�by4��N(�׼��z�.��>��ڧpL�#ș��%�G��t|��HG��@I:yoڲ#��+g6r޲��1=Nٚ !�xxK��I�_͙��u;�4�8F��a[�i�բ�"M� ��<��&@+)�v�~��}��g�c��3�a�`� ��Ҵ��AQcQ�[�z�E��j�rO��H)#�7~��N,c��}j�%��<kZJ�:�l� h8{��1��O��E�]��" ��x&�6ɰ��XH��6*ʁa�r��:ɡ�H5 a4l>�<��S�K��eZ�UAF�ӧ$��2��9j'�%�o��<+x��<�%�m� Q��\#��7��o$ǀa��L�%��/{�$ҡ�ňf�`�1$̹O��Gǆ7��Pk��f�YR?��;|��8nd��!z�{�x}so՟f�x��qf¯w��{��{�L��f�b�rX��d�tb�c}� WkW_cA�+m.�|��03�F��c�_��rõe�� 2)ӪPgX��+{��v�ffڣ�*�%�

Sections

.text
Size: - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp0
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.svmp1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.svmp2
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc793cd32601f6e7dfa783bae1bca597

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 1008KB

.rdata Size: - Virtual size: 1.7MB

.data Size: - Virtual size: 402KB

.svmp0 Size: - Virtual size: 6.4MB

.svmp1 Size: 4KB - Virtual size: 2KB

.svmp2 Size: 10.2MB - Virtual size: 10.2MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 1008KB

.rdata
Size: - Virtual size: 1.7MB

.data
Size: - Virtual size: 402KB

.svmp0
Size: - Virtual size: 6.4MB

.svmp1
Size: 4KB - Virtual size: 2KB

.svmp2
Size: 10.2MB - Virtual size: 10.2MB

.rsrc
Size: 4KB - Virtual size: 3KB