70d7100739d6f49b8d1b02292827146f257b461a95a36fefc0c9aac5a340c2e8N

Sharing

Copy URL

Twitter E-mail

General

Target

70d7100739d6f49b8d1b02292827146f257b461a95a36fefc0c9aac5a340c2e8N
Size

240KB
MD5

274049131abd283e1d870a336fdffa50
SHA1

1a9fa53a8cf6e38bde20c85a2f2547ff50e40247
SHA256

70d7100739d6f49b8d1b02292827146f257b461a95a36fefc0c9aac5a340c2e8
SHA512

55164a2c7c5442a68e1bce9a1c5e84d898cf995f1be47f32ede972fc1320c29c6ca3c060b5d5a30836bb2290a40993c83139e9a29a7f1ebadb212c1ba95824c2
SSDEEP

3072:iz81VoD/HxnNQ1nLpWGCqBUabDONB3UpI1znKhbEVyLbmH55doIbMB:2nNELpWAXONB3UpIHyLbmH55do9B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70d7100739d6f49b8d1b02292827146f257b461a95a36fefc0c9aac5a340c2e8N

Files

70d7100739d6f49b8d1b02292827146f257b461a95a36fefc0c9aac5a340c2e8N
.exe windows:4 windows x86 arch:x86

89be7ace3126bb4eacc0b422bbbe522d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
CloseHandle
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
GlobalFree
GlobalAlloc
SetLastError
GetStartupInfoA
FormatMessageA
LocalFree
DeleteFileA
GetEnvironmentVariableA
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetCommandLineA
FindFirstFileA
FindNextFileA
FindClose
GetSystemDirectoryA
Sleep
GlobalSize

user32

ReleaseDC
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetParent
GetDesktopWindow
FillRect
GetDC

gdi32

DeleteDC
DeleteObject
CreateSolidBrush
SelectObject
CreateBitmap
GetDIBits
CreateCompatibleDC

winspool.drv

GetJobA
ClosePrinter
SetJobA
GetPrinterA
OpenPrinterA
DocumentPropertiesA

comdlg32

GetSaveFileNameA

advapi32

OpenProcessToken
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
CreateProcessAsUserA

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

gdiplus

GdipDrawImageRectI
GdipDeleteGraphics
GdipSaveImageToStream
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImageHeight
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipAlloc
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageWidth

msvcrt

_adjust_fdiv
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
rand
_CIpow
__p__fmode
__set_app_type
_except_handler3
_controlfp
floor
_lfind
bsearch
_assert
qsort
strncmp
vfprintf
_iob
time
localtime
strftime
_snprintf
realloc
_stricmp
__CxxFrameHandler
_ftol
??2@YAPAXI@Z
fwrite
fprintf
??3@YAXPAX@Z
fflush
strrchr
sprintf
difftime
atol
strncpy
strstr
free
wcscmp
malloc
fseek
fclose
fread
fopen
ftell
memmove
_mkdir
_stat
_access
strchr
isalpha
_strupr
rename
remove

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89be7ace3126bb4eacc0b422bbbe522d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

ole32

gdiplus

msvcrt

userenv

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 112KB - Virtual size: 108KB

.data Size: 24KB - Virtual size: 39KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 112KB - Virtual size: 108KB

.data
Size: 24KB - Virtual size: 39KB