b090359e6dfed2becda519f76a3fbe0fd1662c0af408cd173d70c6cd8272ab4f

Sharing

Copy URL Twitter E-mail

General

Target

b090359e6dfed2becda519f76a3fbe0fd1662c0af408cd173d70c6cd8272ab4f
Size

3.4MB
MD5

2803d9d357e742b747a96904e963a86a
SHA1

62cb69492e4d5b3783a0460ac781ee22e24ce459
SHA256

b090359e6dfed2becda519f76a3fbe0fd1662c0af408cd173d70c6cd8272ab4f
SHA512

26d051c0efbc9b383b5c92d83254b5642783af62daf91e737618f9b5d565fdf080046caa264cc35cd3493af119bcaf077193b8f25720bd834cb2c2505ca53d66
SSDEEP

98304:+D0oieaSc/4ss5fivrWgL28g7nL2K2bAmJOIM/z:ct3fii823nL2K2bAmJOIM/z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b090359e6dfed2becda519f76a3fbe0fd1662c0af408cd173d70c6cd8272ab4f

Files

b090359e6dfed2becda519f76a3fbe0fd1662c0af408cd173d70c6cd8272ab4f
.exe windows:4 windows x86 arch:x86

5ce50c946274d16757fdced5fdfcda56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

FreeLibrary
LeaveCriticalSection
GetTickCount
EnterCriticalSection
InitializeCriticalSection
GetCommandLineA
GetStartupInfoW
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeviceIoControl
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindNextChangeNotification
FindNextFileA
FindResourceA
FormatMessageA
FreeResource
GetACP
GetCPInfo
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemInfo
GetTempFileNameA
GetThreadLocale
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GetSystemDirectoryA
GlobalReAlloc
GlobalSize
GlobalUnlock
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrcpyW
lstrlenA
lstrlenW
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WriteProcessMemory
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapReAlloc
HeapAlloc
GetOEMCP
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetLastError
LoadLibraryA
GetProcAddress
GlobalLock
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
RtlUnwind
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA

user32

TranslateMDISysAccel
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
MessageBoxA
WinHelpA
WindowFromPoint

winspool.drv

DocumentPropertiesA
EnumPrintersA
OpenPrinterA
ClosePrinter

comdlg32

CommDlgExtendedError

advapi32

RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

ole32

ReleaseStgMedium
RevokeDragDrop

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce50c946274d16757fdced5fdfcda56

Headers

File Characteristics

Imports

imm32

comctl32

version

kernel32

user32

winspool.drv

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB