da255ef1b0313ab47b72c58314f50d0dfb31dbd1a4431d7c9ab9476273de6afdN

Sharing

Copy URL Twitter E-mail

General

Target

da255ef1b0313ab47b72c58314f50d0dfb31dbd1a4431d7c9ab9476273de6afdN
Size

145KB
MD5

3c35ea0b4527f3a75d432e59082d9ae0
SHA1

ad45ee01a39f270edd81e41c7d909ea029b5eaaf
SHA256

da255ef1b0313ab47b72c58314f50d0dfb31dbd1a4431d7c9ab9476273de6afd
SHA512

0aefc5eef8d183d29c0c0189114a42620ca5cfa8f7d739247b343e1c1a92786aa2c5078378b656b45a90610cad6cabf7baa0aa011067bf940e2c4bb3dd00f557
SSDEEP

3072:hxhtN1zXfLgdRQ1ibZ7XWMA1b4LJIRdE1xP0Tbl3eYd8:hz5vLswiF7mT1/3O14N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da255ef1b0313ab47b72c58314f50d0dfb31dbd1a4431d7c9ab9476273de6afdN

Files

da255ef1b0313ab47b72c58314f50d0dfb31dbd1a4431d7c9ab9476273de6afdN
.exe windows:5 windows x86 arch:x86

28a33a91efadd995c32e7d86d481c491

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

shell32

SHGetFolderPathW
RegenerateUserEnvironment

advapi32

RegDeleteValueA
RegSetValueExA
RegQueryValueExA
LsaQuerySecurityObject
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA

kernel32

lstrlenA
lstrcpyA
CreateDirectoryA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetCurrentDirectoryA
GetCurrentProcess
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetVersionExA
LoadLibraryA
LocalAlloc
LocalFree
SetCurrentDirectoryA
VirtualAlloc
VirtualFree
VirtualProtect

user32

SetTimer
wsprintfA
MessageBoxA

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupCancelTemporarySourceList
SetupDiGetClassDevsA

msvcrt

__CxxFrameHandler
__dllonexit
__getmainargs
__p__commode
__set_app_type
_adjust_fdiv
_except_handler3
_initterm
_itoa
_mbscmp
_onexit
atoi
exit
free
malloc
sprintf
strrchr
strtok

Exports

Exports

ARawDecodeDone
Clear
DeleteTempFile
DeleteTempFileOnShutdown
DoHotMailWizard
HrCheckTridentMenu
HrRewindStream
IVoidPtrList_CreateInstance
PVGetMsgParam
TextureKey

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a33a91efadd995c32e7d86d481c491

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

advapi32

kernel32

user32

winspool.drv

setupapi

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 14KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 14KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB