ec5db1ce4282887a2f8a62b43da8aea454604a66560845063fa98525d0f63d96N

Sharing

Copy URL Twitter E-mail

General

Target

ec5db1ce4282887a2f8a62b43da8aea454604a66560845063fa98525d0f63d96N
Size

135KB
MD5

fbd1b7fa35dba8e8d76941770ad12150
SHA1

79f55af0f3b0f1ac5a4ff6ae24d1631d2f5efd6d
SHA256

ec5db1ce4282887a2f8a62b43da8aea454604a66560845063fa98525d0f63d96
SHA512

58052c12793fa480444e15b14a3b97a76638aa6434926179011c22245589993b6b357af7366d3c25a79475e719b09200a41a073add28fbbb58d2facaac058a25
SSDEEP

3072:Yt39VSyy9JdcGWyh7t/dSqOe1R0T+qnuSc9dH58QI:U0OHK7JdzAXuSc9dH58

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec5db1ce4282887a2f8a62b43da8aea454604a66560845063fa98525d0f63d96N

Files

ec5db1ce4282887a2f8a62b43da8aea454604a66560845063fa98525d0f63d96N
.exe windows:5 windows x86 arch:x86

ab20d66139c51b08af8238c847716764

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

exit
_except_handler3
__set_app_type
_unlock
_initterm
_beginthreadex
__setusermatherr
_controlfp
__p__commode
_acmdln
_adjust_fdiv
__getmainargs
log
_wcsicmp
_XcptFilter
_setjmp
cos
remove
__p__fmode

kernel32

VirtualProtect
GlobalAlloc
GetPrivateProfileStringA
GetModuleHandleA
UnhandledExceptionFilter
GetTempFileNameA
InterlockedExchange
GetCurrentDirectoryA
GetStartupInfoA
GetCurrentProcess
IsDebuggerPresent
OutputDebugStringA
GetSystemDirectoryW
lstrcmpiA

user32

DrawEdge
IsChild
SetCapture
GetCursorPos
GetKeyState
GetMenuItemID
CharLowerA
SetScrollPos
SetForegroundWindow
GetParent
ScrollWindow
GetPropA
GetSystemMenu
FillRect

comctl32

ImageList_Remove
CreatePropertySheetPageW
ImageList_Add
CreateToolbarEx
ImageList_GetIconSize

version

VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
VerInstallFileA
GetFileVersionInfoA
GetFileVersionInfoSizeA

oleaut32

SafeArrayGetUBound
VariantCopyInd
VariantInit
SafeArrayPutElement
SysFreeString
SysReAllocStringLen
SafeArrayRedim

ole32

CreateItemMoniker
CoTaskMemFree
CoFreeUnusedLibraries
OleUninitialize
IsEqualGUID
OleIsCurrentClipboard
CLSIDFromString
CreateBindCtx
CoRegisterMessageFilter
CoUninitialize
CoRevokeClassObject

shell32

ExtractIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHBrowseForFolderA
SHBindToParent
ExtractIconExW
SHGetDiskFreeSpaceExW

gdi32

SetROP2
Escape
TextOutW
GetDeviceCaps
GetCharWidthW
CreatePatternBrush
CreateBrushIndirect
EndDoc
CreateDCA
GetPixel
SetViewportExtEx
CreateHatchBrush

advapi32

RegSetValueExW
AdjustTokenPrivileges
OpenThreadToken
EqualSid
CryptHashData
CryptReleaseContext

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab20d66139c51b08af8238c847716764

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

comctl32

version

oleaut32

ole32

shell32

gdi32

advapi32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 17KB - Virtual size: 39KB

.rsrc Size: 100KB - Virtual size: 99KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 17KB - Virtual size: 39KB

.rsrc
Size: 100KB - Virtual size: 99KB