Static task
static1
Behavioral task
behavioral1
Sample
de6d6dcf4917c8eb8ed33264bfe0fb9bdbb66b4ec06659a50d4aac748e45c4cbN.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
de6d6dcf4917c8eb8ed33264bfe0fb9bdbb66b4ec06659a50d4aac748e45c4cbN.exe
Resource
win10v2004-20240910-en
General
Target
de6d6dcf4917c8eb8ed33264bfe0fb9bdbb66b4ec06659a50d4aac748e45c4cbN
Size
238KB
MD5
097bc7364f11947d4f34dbaacf687200
SHA1
2414f72617efa3b3123371660ce1a763d8990006
SHA256
de6d6dcf4917c8eb8ed33264bfe0fb9bdbb66b4ec06659a50d4aac748e45c4cb
SHA512
a5473804312b0049fe1cfab37f3d99d80ffa44a2f954ac12f3b3cd2e90110985ae268ae4a9aa1a0f0ba075c6d857ba037b11f37c86aba4136a4de5aa21b98ef1
SSDEEP
6144:lj/F2jev1hXmWd5ttjq8zLozB/XEeLtnSzJb/zBAf/fuCB:hd2iDXz5jpQ1Ztqb9Af/J
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource de6d6dcf4917c8eb8ed33264bfe0fb9bdbb66b4ec06659a50d4aac748e45c4cbN
Files
de6d6dcf4917c8eb8ed33264bfe0fb9bdbb66b4ec06659a50d4aac748e45c4cbN.exe windows:5 windows x86 arch:x86
3b7bd8757d6679c0657a1845d7c4b902
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsA
SetSystemPowerState
LocalShrink
GetTempPathW
RegisterWowExec
GetLocaleInfoA
GetProcessId
ChangeTimerQueueTimer
LoadLibraryW
EnumCalendarInfoExW
SetConsoleScreenBufferSize
GetWindowsDirectoryA
CreateConsoleScreenBuffer
EnterCriticalSection
mscat32
CryptCATGetCatAttrInfo
CryptCATAdminAddCatalog
CryptCATGetMemberInfo
CryptCATCDFEnumAttributesWithCDFTag
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCDFEnumCatAttributes
CatalogCompactHashDatabase
CryptCATCDFEnumMembers
CryptCATGetAttrInfo
CryptCATCDFEnumMembersByCDFTagEx
CryptCATEnumerateCatAttr
CryptCATCatalogInfoFromContext
CryptCATCDFEnumMembersByCDFTag
DllUnregisterServer
CryptCATAdminCalcHashFromFileHandle
CryptCATOpen
CryptCATCDFClose
DllRegisterServer
CryptCATPersistStore
t2embed
_TTEmbedFontFromFileA@52
_TTRunValidationTests@8
_TTIsEmbeddingEnabledForFacename@8
_TTCharToUnicode@24
TTRunValidationTests
_TTGetEmbeddingType@8
TTGetEmbeddingType
TTGetNewFontName
TTEmbedFont
_TTGetEmbeddedFontInfo@28
_TTLoadEmbeddedFont@40
TTIsEmbeddingEnabled
_TTIsEmbeddingEnabled@8
TTRunValidationTestsEx
_TTDeleteEmbeddedFont@12
TTEmbedFontEx
TTLoadEmbeddedFont
_TTEmbedFont@44
TTDeleteEmbeddedFont
TTEmbedFontFromFileA
TTCharToUnicode
_TTEnableEmbeddingForFacename@8
TTGetEmbeddedFontInfo
TTEnableEmbeddingForFacename
TTIsEmbeddingEnabledForFacename
sqlunirl
_RegLoadKey_@12
_PostMessage@16
_PolyTextOut_@12
_DrawText@20
AllocConvertMultiSZNameToA
_EnumDependentServices_@24
_Shell_NotifyIcon_@8
_BroadcastSystemMessage_@20
_GetVolumeInformation_@32
_EnumResourceLanguages_@20
_OpenFileMapping_@12
_MoveFile@8
_FatalAppExit_@8
crypt32
CertGetValidUsages
CertSetCRLContextProperty
CertFindCertificateInStore
CryptSignAndEncodeCertificate
CryptInstallDefaultContext
I_CryptInstallOssGlobal
CertGetPublicKeyLength
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCTLContextProperty
crtdll
atan2
_mbctype
_getdiskfree
_stricmp
_clearfp
isxdigit
mbtowc
_wtol
_lrotr
modf
wcschr
_c_exit
strspn
_mbsnicmp
_kbhit
Sections
.text Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ