98e0a97619161180ef024f27cc7f428e34a1def231812e0305530bf84c327b35N

Sharing

Copy URL

Twitter E-mail

General

Target

98e0a97619161180ef024f27cc7f428e34a1def231812e0305530bf84c327b35N
Size

59KB
MD5

f8728602752912df55b92bb25bba0240
SHA1

003b3d5dc3b3e40a7085736f646638d95661eb33
SHA256

98e0a97619161180ef024f27cc7f428e34a1def231812e0305530bf84c327b35
SHA512

7d2215a41603c2f8a70622e36e147074ee178c8ccecd5d5d8e20913b44ad487798b52efc30d9e9aa6b0966e95715faaaa2035555f1afe3eb8062b1dec2a65fa9
SSDEEP

1536:6dJ9t+qNwU1pcMXahYm6tlOudRJu8hGF2S1Dn:6DxNxcMq2m6XHPhGx1Dn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98e0a97619161180ef024f27cc7f428e34a1def231812e0305530bf84c327b35N

Files

98e0a97619161180ef024f27cc7f428e34a1def231812e0305530bf84c327b35N
.exe windows:4 windows x86 arch:x86

f23259f01e64eabaeefcfdd9288987c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

HashData
PathRemoveBlanksA
StrToIntExA
UrlIsOpaqueA
PathIsFileSpecA
ColorHLSToRGB
AssocQueryStringA
PathIsRelativeA
PathFindOnPathA
StrChrIA
SHAutoComplete
SHRegWriteUSValueA
StrRChrIA
PathQuoteSpacesA
PathIsUNCA
PathMakePrettyA
SHRegEnumUSKeyA
StrIsIntlEqualA
SHDeleteValueA
PathCommonPrefixA
SHIsLowMemoryMachine
PathSearchAndQualifyA
UrlGetLocationA
PathAppendA
PathFileExistsA
PathStripToRootA
SHCreateStreamWrapper
StrFormatByteSize64A
UrlCombineA
SHRegCreateUSKeyA

kernel32

WriteProfileStringA
GetNumberOfConsoleMouseButtons
GetCommModemStatus
GetProcessAffinityMask
FreeConsole
LoadModule
GetCommState
PrepareTape
_lread
SetCommTimeouts
GenerateConsoleCtrlEvent
SetConsoleCursorPosition
GetFullPathNameA
FoldStringA
GetComputerNameA
GetProcessVersion
AreFileApisANSI
WriteFileGather
WaitForSingleObject
CancelIo
SetCommMask
Thread32Next
lstrcpy
ReadConsoleOutputA
GetShortPathNameA
GetTimeZoneInformation
GetCurrentDirectoryA
GetNumberFormatA
MulDiv
EnumCalendarInfoA
lstrcat
HeapCompact
IsProcessorFeaturePresent
TlsSetValue
VirtualFree
OpenProcess
CompareStringA
GetFileTime
VirtualAlloc
UnhandledExceptionFilter
MapViewOfFile
DuplicateHandle
GlobalCompact
SetConsoleCtrlHandler
GlobalReAlloc
EnumResourceTypesA
ReleaseSemaphore
SetProcessAffinityMask
IsBadReadPtr
LockFileEx
OpenSemaphoreA
TlsFree
FindResourceA
CopyFileA
CreateDirectoryExA
GetCPInfoExA
SetFilePointer
PurgeComm
CallNamedPipeA
Process32Next

advapi32

RevertToSelf

Sections

.xyp
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dcl
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jilsf
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bad
Size: 27KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f23259f01e64eabaeefcfdd9288987c8

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.xyp Size: 22KB - Virtual size: 45KB

.dcl Size: 5KB - Virtual size: 10KB

.jilsf Size: 1024B - Virtual size: 1KB

.bad Size: 27KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.xyp
Size: 22KB - Virtual size: 45KB

.dcl
Size: 5KB - Virtual size: 10KB

.jilsf
Size: 1024B - Virtual size: 1KB

.bad
Size: 27KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB