ca13596ba44a825fe86bac5c9d6df633c1fb0039c2951fad0c61df0b59291d7bN

Sharing

Copy URL Twitter E-mail

General

Target

ca13596ba44a825fe86bac5c9d6df633c1fb0039c2951fad0c61df0b59291d7bN
Size

166KB
MD5

fd235f72a4b9dea5ef6344f32b66e3d0
SHA1

62e19b15f7b8f35b616255151ba994784da36dc9
SHA256

ca13596ba44a825fe86bac5c9d6df633c1fb0039c2951fad0c61df0b59291d7b
SHA512

1714cfc40e46e4dfd4cdac278fe11c1c2eef25e4e5bd37c56ffca3d8b6becfbe266c3c98ee444590d1786826b108027e34e39dc7e59e498f51effd90b2b74831
SSDEEP

3072:jtGqRRuT30UGeSgItLM3oNG2+o78g8ze8grXqz8mIMAJDYlIyYBoXFBkm:QqRRuT30HtAYNv9Yg8zdz8mcJD+IFBoZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca13596ba44a825fe86bac5c9d6df633c1fb0039c2951fad0c61df0b59291d7bN

Files

ca13596ba44a825fe86bac5c9d6df633c1fb0039c2951fad0c61df0b59291d7bN
.exe windows:4 windows x86 arch:x86

c5c5fc842aba4af091403e864dd902ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVIMakeCompressedStream

advapi32

RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA

gdi32

SelectObject
CreateBitmap
GetDIBits
GetObjectType
DeleteDC
StretchBlt
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
CreateSolidBrush
SetBrushOrgEx
BitBlt
CreateDCW
CreateDIBSection
SetBkColor
DeleteObject
SetStretchBltMode

kernel32

CopyFileA
ReleaseMutex
GetTempPathW
GetSystemTime
DeleteFileW
WaitForMultipleObjects
LoadLibraryW
QueryPerformanceCounter
lstrlenW
GetLocaleInfoA
InterlockedExchange
SetFilePointer
GetTempFileNameA
CreateDirectoryW
FindFirstFileW
CreateFileA
GetModuleFileNameW
GetFileAttributesA
Sleep
InterlockedIncrement
GetProcessPriorityBoost
FindNextFileW
WriteFile
DeleteCriticalSection
GetACP
SetFileAttributesW
EnumResourceTypesW
DisableThreadLibraryCalls
GetTickCount
CreateMutexA
GetThreadLocale
InterlockedDecrement
GetTempPathA
OutputDebugStringA
CloseHandle
MultiByteToWideChar
GetVersionExA
MulDiv
ExitProcess
GetCurrentProcessId
GetTempFileNameW
ReadFile
FindClose
LeaveCriticalSection
WaitForSingleObject
lstrlenA
CreateDirectoryA
InitializeCriticalSection
RemoveDirectoryW
LocalAlloc
GetModuleFileNameA
WideCharToMultiByte
GetVersionExW
EnterCriticalSection
LocalFree
GetCurrentThreadId
GetProcAddress
SetFileAttributesA
OutputDebugStringW
FreeLibrary
DeleteFileA
GetLastError
GetSystemTimeAsFileTime

shell32

SHGetSpecialFolderPathA

shlwapi

PathRenameExtensionW
PathFileExistsA
PathAddBackslashW
PathRemoveBackslashW
PathIsDirectoryW
PathFileExistsW
PathCombineW
PathAppendW
PathRemoveFileSpecW

user32

TranslateMessage
CopyRect
OffsetRect
SetRectEmpty
GetClientRect
IsRectEmpty
ReleaseDC
GetDC
DispatchMessageW
wsprintfW
FillRect
PeekMessageW
GetWindowRect

winmm

timeGetTime

ole32

CoCreateInstance
StringFromGUID2
CoFreeUnusedLibraries
CoUninitialize
CoInitialize

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5c5fc842aba4af091403e864dd902ad

Headers

File Characteristics

Imports

avifil32

advapi32

gdi32

kernel32

shell32

shlwapi

user32

winmm

ole32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 64KB - Virtual size: 64KB

.tls Size: 1024B - Virtual size: 100KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 64KB - Virtual size: 64KB

.tls
Size: 1024B - Virtual size: 100KB