21252047c58684058735c77cc021b4e2d37eea1c3efdba4d69ba19d2d41c15ed

Sharing

Copy URL Twitter E-mail

General

Target

21252047c58684058735c77cc021b4e2d37eea1c3efdba4d69ba19d2d41c15ed
Size

7.0MB
MD5

dbbb4140d8465d7c4aa4f999facd5bf3
SHA1

0ef4a7d50bab49d5f8c833dbe1997fa51a1455ca
SHA256

21252047c58684058735c77cc021b4e2d37eea1c3efdba4d69ba19d2d41c15ed
SHA512

8a41432333f2bd4f36dc977ebc16726542f067e186c0f0b29685cb4c8dcca7dbad5a7bb727b7ab8cf0a89718629df8b410a4b74db6d9b6b29dc951b9457f64eb
SSDEEP

98304:anBKwF7RcjKLnKvUFTUDsSSlYrT/CvjcatXmEMWvg3/DN+b:/M7FeMFTUDsFlYrT/CvAatXmEM9h+b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21252047c58684058735c77cc021b4e2d37eea1c3efdba4d69ba19d2d41c15ed

Files

21252047c58684058735c77cc021b4e2d37eea1c3efdba4d69ba19d2d41c15ed
.exe windows:6 windows x64 arch:x64

6540d4e5af5219d37363139d689f8091

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcef

cef_string_multimap_append

kernel32

GetVersionExW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperW
CharUpperBuffW

gdi32

GetPixel

msimg32

TransparentBlt

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteValueW
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW

uxtheme

GetThemeSysColor

ole32

CoTaskMemAlloc

oleaut32

LoadTypeLi

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI

oleacc

AccessibleObjectFromWindow

imm32

ImmReleaseContext

winmm

PlaySoundW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6540d4e5af5219d37363139d689f8091

Headers

DLL Characteristics

File Characteristics

Imports

libcef

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

wtsapi32

Sections

.text Size: - Virtual size: 2.6MB

.rdata Size: 757KB - Virtual size: 757KB

.data Size: - Virtual size: 146KB

.pdata Size: - Virtual size: 109KB

_RDATA Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 5.6MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 66KB - Virtual size: 65KB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: - Virtual size: 2.6MB

.rdata
Size: 757KB - Virtual size: 757KB

.data
Size: - Virtual size: 146KB

.pdata
Size: - Virtual size: 109KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 5.6MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 66KB - Virtual size: 65KB

.rsrc
Size: 22KB - Virtual size: 21KB