f95ed04989007e109331397ada2c5e84c1bfddd8d8892ee5ad02ee3fd27506c6N

Sharing

Copy URL

Twitter E-mail

General

Target

f95ed04989007e109331397ada2c5e84c1bfddd8d8892ee5ad02ee3fd27506c6N
Size

80KB
MD5

265a18631e2100a056ab4591b4a1c250
SHA1

f9253cb68ad9ce76d3b1db0660233d9e624ac153
SHA256

f95ed04989007e109331397ada2c5e84c1bfddd8d8892ee5ad02ee3fd27506c6
SHA512

f591b468811b57d2beaa4eea2d62b94ed3597cfdfbcd600a34c1a1f83c5aabcb5daa4a76d80ec27bd9ffa3cd94fae84a74cac1f4ea3ff6ac020822b55b6fa555
SSDEEP

384:IQFP4HRYM+Mfn6NUuCkAhzDZG1s6jxGyP4HRYM+Mfn5ziULiSKnCkhEjOPH21Mpa:vuK4n6NvCkA1AOK4n5+7TQOPiKKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f95ed04989007e109331397ada2c5e84c1bfddd8d8892ee5ad02ee3fd27506c6N

Files

f95ed04989007e109331397ada2c5e84c1bfddd8d8892ee5ad02ee3fd27506c6N
.exe windows:4 windows x86 arch:x86

d568a2759f37043b45b2b34a6629c039

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

viskaluj.pdb

Imports

user32

GetCaretPos
PostMessageA
SetFocus
DrawIcon
SetCursorPos
IsZoomed
GetMessageA
IsCharLowerA
IsDialogMessageA
DialogBoxParamW
CreateWindowExW
DispatchMessageA
IsWindow

shlwapi

PathCombineA
UrlIsA
UrlIsOpaqueA
UrlCombineA
PathCommonPrefixA
UrlCanonicalizeA
UrlGetLocationA
UrlCompareA
UrlIsNoHistoryA
PathCompactPathA
UrlHashA

kernel32

CopyFileA
GetDateFormatW
GetTickCount
IsValidLocale
GetDiskFreeSpaceA
GetCurrentProcess
FindResourceExA
FormatMessageA
WriteProcessMemory
InterlockedDecrement
CompareStringW
HeapCreate
LoadLibraryA
GetConsoleAliasW
WriteFile
GetAtomNameA
GetCurrentThreadId
ExpandEnvironmentStringsA
GetPrivateProfileIntA
SetFileAttributesW
CreateMutexA
GetComputerNameA
GetFullPathNameA
SetEnvironmentVariableA
GetProcessHeap
GetTimeFormatA
GetNumberFormatA
SleepEx
CreateSemaphoreW
GetSystemInfo
InterlockedExchange

upnphost

DllRegisterServer
DllCanUnloadNow
ServiceMain
DllUnregisterServer
DllGetClassObject

crypt32

CertCreateCRLContext
CertDuplicateCRLContext
CryptFindOIDInfo
CertNameToStrA
CertFindExtension
CryptEnumOIDInfo
CertControlStore
CertOpenStore
CertFindChainInStore
CertSaveStore
CertFindAttribute
CertDuplicateStore
CertAlgIdToOID
CryptEncodeObject

wtsapi32

WTSVirtualChannelClose
WTSEnumerateProcessesA
WTSLogoffSession
WTSQuerySessionInformationA
WTSSetUserConfigW
WTSVirtualChannelQuery
WTSUnRegisterSessionNotification
WTSCloseServer
WTSEnumerateServersA
WTSEnumerateSessionsA

authz

AuthzFreeContext
AuthzAddSidsToContext
AuthzInitializeContextFromSid
AuthzFreeResourceManager

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d568a2759f37043b45b2b34a6629c039

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

kernel32

upnphost

crypt32

wtsapi32

authz

Sections

.text Size: 52KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 52KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 12KB