e6f9a4e78c55c8ac88cb743eb30f76c9d77025ed652aeeb3e5dac76c6a0866f1

Sharing

Copy URL Twitter E-mail

General

Target

e6f9a4e78c55c8ac88cb743eb30f76c9d77025ed652aeeb3e5dac76c6a0866f1
Size

55KB
MD5

1009f473ab4df7decd2920c1bc5b5786
SHA1

b58e423506d79fc3934148800e5564adf1d1f531
SHA256

e6f9a4e78c55c8ac88cb743eb30f76c9d77025ed652aeeb3e5dac76c6a0866f1
SHA512

3d5bf024167a5a5b8971ce430b07708613e32782b98491199496818c1a9a677f501bfa590eaddcf282ac274f7df934d0352735d622485b4e3f91e1271b4cf7f9
SSDEEP

1536:TEGaxMjjwHmzU6ri1NIIVH8G9cy+QMX7GLRY:QGoCjwGQDSy+Qi7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6f9a4e78c55c8ac88cb743eb30f76c9d77025ed652aeeb3e5dac76c6a0866f1

Files

e6f9a4e78c55c8ac88cb743eb30f76c9d77025ed652aeeb3e5dac76c6a0866f1
.exe windows:4 windows x86 arch:x86

36181578ad7da63434553d3ee4c7ea81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA
RegOpenKeyW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegEnumKeyW

gdi32

PatBlt
GetSystemPaletteEntries
CreatePalette
GetPaletteEntries
GetDeviceCaps
SelectObject
GetNearestPaletteIndex
RealizePalette
GetStockObject
DeleteObject
GetObjectW
GetDCOrgEx
SelectPalette
GetClipBox
SetWindowOrgEx

user32

OpenClipboard
DispatchMessageW
TranslateMessage
KillTimer
EndPaint
GetAsyncKeyState
CreateWindowExW
MsgWaitForMultipleObjects
wsprintfW
BeginPaint
SetWindowLongW
PeekMessageW
GetClipboardData
wsprintfA
wvsprintfW
GetParent
MessageBeep
EmptyClipboard
RegisterClassW
DefWindowProcW
GetClassInfoW
SetCursor
MessageBoxW
LoadStringA
SetTimer
SendMessageW
PostMessageW
UpdateWindow
GetDC
GetClientRect
GetWindowLongW
EqualRect
LoadStringW
InvalidateRect
LoadCursorW
SetClipboardData
CloseClipboard
SetRect
IsWindow
GetMessageW
ReleaseDC
ClientToScreen

msvfw32

DrawDibClose
ICSeqCompressFrameEnd
DrawDibGetPalette
DrawDibDraw
ICCompressorChoose
ICSeqCompressFrame
DrawDibBegin
ICSeqCompressFrameStart
DrawDibOpen
ICCompressorFree
ICImageDecompress
DrawDibRealize

ntdll

RtlUlongByteSwap
NtCreateDebugObject
NtAllocateVirtualMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

mmioAscend
OpenDriver
mmioCreateChunk
waveInClose
waveInOpen
waveOutGetNumDevs
timeGetTime
mmioOpenW
mmioRead
CloseDriver
waveInStart
waveInPrepareHeader
waveInStop
waveInReset
SendDriverMessage
waveInUnprepareHeader
waveInAddBuffer
mmioWrite
mmioDescend
mmioClose
mciSendStringW
mmioFlush
mmioSeek

kernel32

CreateFileW
GetDiskFreeSpaceW
lstrcpyW
IsBadWritePtr
WriteFile
GetThreadPriority
GlobalLock
LocalUnlock
SetEvent
IsBadStringPtrW
lstrcpyA
Sleep
IsBadCodePtr
GetVersionExW
GlobalReAlloc
VirtualFree
MultiByteToWideChar
LocalLock
lstrlenA
SetThreadPriority
DeleteFileW
LeaveCriticalSection
GetTickCount
HeapFree
SetFilePointer
QueryPerformanceFrequency
WideCharToMultiByte
CloseHandle
GetProcessHeap
IsBadReadPtr
GetSystemInfo
WaitForSingleObject
QueryPerformanceCounter
GetProcAddress
lstrcatW
lstrcmpiW
MulDiv
DisableThreadLibraryCalls
GlobalFree
lstrlenW
VirtualAlloc
GlobalMemoryStatusEx
CreateThread
lstrcatA
DeleteCriticalSection
GetOverlappedResult
EnterCriticalSection
GlobalAlloc
GetModuleFileNameW
InitializeCriticalSection
GlobalUnlock
GetCurrentThreadId
GetCurrentThread
GetFileSize
GetACP
GetLastError
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
LocalAlloc
IsBadHugeReadPtr
ExitProcess
LocalFree
LoadLibraryW
GetPrivateProfileStringW
LocalHandle
HeapAlloc
CreateEventW
GlobalHandle
lstrcpynW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36181578ad7da63434553d3ee4c7ea81

Headers

File Characteristics

Imports

advapi32

gdi32

user32

msvfw32

ntdll

version

winmm

kernel32

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 72KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 72KB

.reloc
Size: 512B - Virtual size: 24B