271ba9f0943bdba853e5c8b010009bfa5798eae9ce78f5f2cd6d04b27efae4db

Sharing

Copy URL Twitter E-mail

General

Target

271ba9f0943bdba853e5c8b010009bfa5798eae9ce78f5f2cd6d04b27efae4db
Size

6.3MB
MD5

69ced9262120631436c86c584547fce9
SHA1

45c9d482f09352a09895899c9ad7bf3d02800147
SHA256

271ba9f0943bdba853e5c8b010009bfa5798eae9ce78f5f2cd6d04b27efae4db
SHA512

c1c964620668a6cc3edf11cbd086ec3894ce921a2dfb98a7279e9e9b4b930c57aa14d992dd7b37efa538faaf0064dd698593cbc7e15d088dda71f26b203c6c3e
SSDEEP

196608:V2TXW55ua23Uoxt1sfx9fZ7+PxrPOcXBFOZ:kzW541xrsfx9fZMxbOcX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
271ba9f0943bdba853e5c8b010009bfa5798eae9ce78f5f2cd6d04b27efae4db

Files

271ba9f0943bdba853e5c8b010009bfa5798eae9ce78f5f2cd6d04b27efae4db
.exe windows:5 windows x86 arch:x86

9350057e967c203748861b0ad843ed58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

htons

version

VerLanguageNameA

kernel32

GetVersion
GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DeleteMenu
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

OleRun

oleaut32

GetErrorInfo

comctl32

ImageList_GetImageCount

comdlg32

ChooseColorA

wtsapi32

WTSSendMessageW

Sections

Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 780KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 544KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9350057e967c203748861b0ad843ed58

Headers

File Characteristics

Imports

winmm

ws2_32

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

wtsapi32

Sections

Size: - Virtual size: 1.2MB

Size: - Virtual size: 628KB

Size: - Virtual size: 383KB

Size: - Virtual size: 2.6MB

Size: 5.0MB - Virtual size: 5.0MB

Size: 16KB - Virtual size: 12KB

Size: 780KB - Virtual size: 776KB

Size: 4KB - Virtual size: 4KB

Size: 544KB - Virtual size: 542KB

Size: 16KB - Virtual size: 12KB