b1b2f93bebaae26d062101082cc76ef4df2c76e113a84cc48cc5f68c584b12aa

Sharing

Copy URL Twitter E-mail

General

Target

b1b2f93bebaae26d062101082cc76ef4df2c76e113a84cc48cc5f68c584b12aa
Size

17KB
MD5

414300d30739ffd24ec510a0d2fe2101
SHA1

a9cca52e668c4e6f026a9a0a5fc77430af678ba9
SHA256

b1b2f93bebaae26d062101082cc76ef4df2c76e113a84cc48cc5f68c584b12aa
SHA512

cd51b47e6c943e74d5d42e30318239106ac14b55be70c165469166891a1b3dc6352fca78e713ab4b6c5dda4162ebc1b773ff183af9e96b1b54a8487a2d63ba23
SSDEEP

384:3E3Ou2gXsPNdP5aiSNH1ALuvJgjgZ68l9negGKnrWe+RWF:3EeuKh7SjASJgjgbPFAc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1b2f93bebaae26d062101082cc76ef4df2c76e113a84cc48cc5f68c584b12aa

Files

b1b2f93bebaae26d062101082cc76ef4df2c76e113a84cc48cc5f68c584b12aa
.exe windows:5 windows x86 arch:x86

22b879b9d4d69dbb90c0a9fbf41b9269

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

runonce.pdb

Imports

msvcrt

_vsnwprintf
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumValueW

kernel32

GetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
CloseHandle
SetInformationJobObject
CreateIoCompletionPort
GetQueuedCompletionStatus
GetModuleHandleA
lstrlenW
LoadLibraryA
TerminateThread
TerminateProcess
ResumeThread
AssignProcessToJobObject
CreateProcessW
GetSystemDirectoryW
CreateThread
CreateJobObjectW
ExitProcess
LocalFree
LocalAlloc
lstrcmpiW
FreeLibrary
GetCommandLineW
GetStartupInfoW
WaitForSingleObjectEx
GetPrivateProfileIntW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetWindowsDirectoryW

gdi32

GetObjectW
BitBlt
DeleteObject
CreateSolidBrush
CreateCompatibleDC
ExtTextOutW
SetBkColor
GetTextExtentPointW
CreateFontIndirectW
SelectObject

user32

GetKeyState
DispatchMessageW
SetCursor
LoadCursorW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CharNextW
GetSystemMetrics
EndDialog
GetDlgItem
LoadStringW
GetParent
GetWindowTextW
MessageBoxW
ExitWindowsEx
PostMessageW
GetSysColor
LoadBitmapW
DrawTextW
SendMessageW
MessageBeep
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
GetShellWindow
DialogBoxParamW

shlwapi

ord437
ord552
SHGetValueW
PathQuoteSpacesW
ord460
PathAppendW

comctl32

ord334
ord328
ord329

shell32

ord723
ord100
ord182
ShellExecuteExW
ord653

ole32

CoTaskMemFree

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22b879b9d4d69dbb90c0a9fbf41b9269

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shlwapi

comctl32

shell32

ole32

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 98KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 98KB