28da99290305d79ca27f3a1adcb64e92677911cd859e7abcfb4b6003c11778c5N

Sharing

Copy URL Twitter E-mail

General

Target

28da99290305d79ca27f3a1adcb64e92677911cd859e7abcfb4b6003c11778c5N
Size

26KB
MD5

74a3d53482e86a163bf304efd2ab35f0
SHA1

c4c313fea2504dc546023584b23c7fad998d1adb
SHA256

28da99290305d79ca27f3a1adcb64e92677911cd859e7abcfb4b6003c11778c5
SHA512

1b1026ed21132a328b0a9d41782db8d73313c86e5d358757a2d1aca9ba61b501f421a6ea52836336cdfe8dce55a8ad8c64d0695799f771a859dd53e6bb6090de
SSDEEP

384:XwEMp13wZ4Et1X1TKmioIRLd5mNouH+Qsafk6mywgUAZLQc0HiyE/HS9K6cIsO:gEo13Y1XV+RGNHH+Q19XwgTLQc24VO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28da99290305d79ca27f3a1adcb64e92677911cd859e7abcfb4b6003c11778c5N

Files

28da99290305d79ca27f3a1adcb64e92677911cd859e7abcfb4b6003c11778c5N
.exe windows:4 windows x86 arch:x86

1ce701fd811d39bb2bc6180df0529c35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcmp
memmove
strlen
strcpy
strcat
memcmp
strncpy
sprintf
strncmp
fabs
ceil
malloc
floor
free
fclose

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
SetLastError
GetCurrentProcessId
GetVersionExA
TlsAlloc
SetCurrentDirectoryA
HeapReAlloc
DeleteCriticalSection

user32

DestroyWindow
GetWindowLongA
SetFocus
CreateWindowExA
SetWindowLongA
PeekMessageA
TranslateMessage
DispatchMessageA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetPropA
SendMessageA
GetParent
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
GetSystemMetrics
GetActiveWindow
GetWindowRect
ShowWindow
CreateAcceleratorTableA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
GetClientRect
FillRect
GetFocus
EnumChildWindows
PostMessageA
DefFrameProcA
IsWindowEnabled
IsWindowVisible
IsChild
GetClassNameA
GetKeyState
GetWindowThreadProcessId
SetCursorPos
LoadImageA
SetCursor
MapWindowPoints
MoveWindow
SystemParametersInfoA
SetCapture
GetCursorPos
ReleaseCapture
RegisterWindowMessageA
DestroyIcon

gdi32

GetStockObject
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
SelectObject
BitBlt
CreateBitmap
SetPixel

comctl32

InitCommonControlsEx

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantInit
DispGetParam
VariantClear

shell32

ShellExecuteExA

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
OleInitialize
RevokeDragDrop

Sections

.code
Size: 512B - Virtual size: 415B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ce701fd811d39bb2bc6180df0529c35

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

oleaut32

shell32

ole32

Sections

.code Size: 512B - Virtual size: 415B

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 1024B - Virtual size: 662B

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 700B

.code
Size: 512B - Virtual size: 415B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 1024B - Virtual size: 662B

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 700B