c96094f480d60991d6ba598a311e894bfe6707456b7c767a8dbbdfa8c6e22552

Sharing

Copy URL Twitter E-mail

General

Target

c96094f480d60991d6ba598a311e894bfe6707456b7c767a8dbbdfa8c6e22552
Size

15.1MB
MD5

781f3734b5596595aec68837e9ae5c7b
SHA1

db6ce4d9166d36995110df859f3f6470ada0f66a
SHA256

c96094f480d60991d6ba598a311e894bfe6707456b7c767a8dbbdfa8c6e22552
SHA512

acf734ffb7b118181b7899c4c4b7c901d5f966419e7923fd0a8ced4bdaf5646c3cf7a686f28d1557edc602647562c3e820f26a910d1b6b17d8e666c587875171
SSDEEP

393216:6/tbOlX7nCfTm4erfMc9DCcvvRQY9C3JCv+5ED8rpRE2nBmPo:ytbOlbCq4ejXW4JuYZ8Iy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c96094f480d60991d6ba598a311e894bfe6707456b7c767a8dbbdfa8c6e22552

Files

c96094f480d60991d6ba598a311e894bfe6707456b7c767a8dbbdfa8c6e22552
.exe windows:6 windows x86 arch:x86

00fb77a4a91bd5c47adcd72859e2cb9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

LoadCursorW

gdi32

CreateRectRgnIndirect

winmm

waveOutOpen

winspool.drv

DocumentPropertiesA

comdlg32

ChooseColorA

advapi32

LookupPrivilegeValueA

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance

oleaut32

SafeArrayUnaccessData

mprapi

MprConfigServerDisconnect

wininet

InternetCheckConnectionA

rasapi32

RasEnumEntriesA

shlwapi

StrToIntExW

psapi

EmptyWorkingSet

ntdll

NtWaitForSingleObject

advpack

IsNTAdmin

ws2_32

inet_addr

winhttp

WinHttpOpen

gdiplus

GdiplusStartup

version

VerQueryValueW

dbghelp

MakeSureDirectoryPathExists

comctl32

ord17

Sections

.text
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvmp0
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bvmp1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvmp2
Size: 15.1MB - Virtual size: 15.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00fb77a4a91bd5c47adcd72859e2cb9b

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

avifil32

kernel32

user32

gdi32

winmm

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

mprapi

wininet

rasapi32

shlwapi

psapi

ntdll

advpack

ws2_32

winhttp

gdiplus

version

dbghelp

comctl32

Sections

.text Size: - Virtual size: 2.8MB

.rdata Size: - Virtual size: 11.4MB

.data Size: - Virtual size: 327KB

.msvcjmc Size: - Virtual size: 3KB

.bvmp0 Size: - Virtual size: 4.9MB

.bvmp1 Size: 4KB - Virtual size: 3KB

.bvmp2 Size: 15.1MB - Virtual size: 15.1MB

.rsrc Size: 9KB - Virtual size: 30KB

.text
Size: - Virtual size: 2.8MB

.rdata
Size: - Virtual size: 11.4MB

.data
Size: - Virtual size: 327KB

.msvcjmc
Size: - Virtual size: 3KB

.bvmp0
Size: - Virtual size: 4.9MB

.bvmp1
Size: 4KB - Virtual size: 3KB

.bvmp2
Size: 15.1MB - Virtual size: 15.1MB

.rsrc
Size: 9KB - Virtual size: 30KB