f6cb8e7f5a6d0f4d3dc7f24018678e338f93fba167dc7b3445e4184d090b7ec9N

Sharing

Copy URL Twitter E-mail

General

Target

f6cb8e7f5a6d0f4d3dc7f24018678e338f93fba167dc7b3445e4184d090b7ec9N
Size

103KB
MD5

1e92c0e907558dacf29c05ff97e8a5d0
SHA1

d61c2646c7a779c35cfd4d628cbeac1e6639aa22
SHA256

f6cb8e7f5a6d0f4d3dc7f24018678e338f93fba167dc7b3445e4184d090b7ec9
SHA512

8f3527b5e8f0f0df06aff45cad6935e3b51cd438e4a806f165207099eb55207e41dea02cf955743e08776b897a1fc4ec3f6b7b16e74655110959bddd41d72dfc
SSDEEP

3072:t5CHDGbL0e7sOXO7Z2url6H2B7Vw5MmQaBVEp:twHUg8bQ2uYk7V8MmQA2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6cb8e7f5a6d0f4d3dc7f24018678e338f93fba167dc7b3445e4184d090b7ec9N

Files

f6cb8e7f5a6d0f4d3dc7f24018678e338f93fba167dc7b3445e4184d090b7ec9N
.exe windows:4 windows x86 arch:x86

5a798f81c9ba5d7918ec7af056b0cca1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
realloc
_acmdln
__set_app_type
strncmp
_initterm
_except_handler3
__getmainargs
free
calloc
_exit
__p__commode
__setusermatherr
strlen
sprintf
fputs
_adjust_fdiv
strchr

kernel32

WaitForMultipleObjects
EnumCalendarInfoA
ReadFile
GetVersionExA
GetUserDefaultLangID
LocalFileTimeToFileTime
GetProcAddress
DuplicateHandle
CreateProcessW
FreeLibrary
WriteFile
LoadLibraryExW
GetCommandLineW
GetStartupInfoA
lstrcpyA
SetFileTime
DeleteFileW

oleaut32

SafeArrayRedim
LoadTypeLib
VariantCopy
SysAllocStringLen
VariantInit
SetErrorInfo
SafeArrayCreate
CreateErrorInfo
VariantClear
SysAllocStringByteLen
GetActiveObject
SysStringLen

gdi32

GetPixel
RestoreDC
SetMetaFileBitsEx
GetTextExtentPoint32W
ExtEscape
SetRectRgn
SetPolyFillMode
PtInRegion
CreatePalette
ScaleViewportExtEx
GetSystemPaletteEntries
GetTextMetricsA

ole32

ReleaseStgMedium
IsAccelerator
RegisterDragDrop
CoRegisterMessageFilter
DoDragDrop
CoGetMalloc
CoTaskMemFree
CoGetInterfaceAndReleaseStream
PropVariantClear
StringFromCLSID
StringFromIID

advapi32

RegSetValueExA
GetLengthSid
OpenSCManagerA
CryptDestroyHash
DeleteService
RegQueryValueExW
RegQueryValueA
LookupPrivilegeValueA
LookupPrivilegeValueW
RegOpenKeyW
AddAccessAllowedAce
RegEnumKeyExW

comctl32

DestroyPropertySheetPage
ImageList_GetImageCount
ImageList_DragLeave
ImageList_LoadImageW
PropertySheetW
ImageList_Replace
ImageList_Write
ImageList_Read
ImageList_DragEnter
ImageList_SetImageCount
ImageList_EndDrag
ImageList_DragShowNolock
CreatePropertySheetPageA
CreateStatusWindowA

user32

GetMenuItemCount
DestroyCursor
ScreenToClient
SystemParametersInfoA
FillRect
ShowOwnedPopups
RemovePropA
InvalidateRect
GetClassInfoA
GetCursorPos

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a798f81c9ba5d7918ec7af056b0cca1

Headers

File Characteristics

Imports

msvcrt

kernel32

oleaut32

gdi32

ole32

advapi32

comctl32

user32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 26KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 15KB