302f95f5c95cc01f5c4ba89c3ebffa17defcfb32ede12ba01ea6424b816a8377[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

302f95f5c95cc01f5c4ba89c3ebffa17defcfb32ede12ba01ea6424b816a8377.exe
Size

572KB
MD5

35e1af7cbecd2962fc198fad91be653f
SHA1

116cb22d295a36b857ad7883462ef6a77467822c
SHA256

302f95f5c95cc01f5c4ba89c3ebffa17defcfb32ede12ba01ea6424b816a8377
SHA512

4be95eb0553cb968c2ee01a5c7bd25e501787a84244b799602092639297f88fa01532a1a1c290f7d9766d2af4f81247388d5a2ccc86bb27cca61a59633b3fe6d
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHdM:VvAfLfaEkAz5SM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
302f95f5c95cc01f5c4ba89c3ebffa17defcfb32ede12ba01ea6424b816a8377.exe

Files

302f95f5c95cc01f5c4ba89c3ebffa17defcfb32ede12ba01ea6424b816a8377.exe
.dll windows:4 windows x86 arch:x86

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrcmpA
InitializeCriticalSectionAndSpinCount
CompareFileTime
VerLanguageNameW
VerLanguageNameA

ole32

OleUninitialize
OleInitialize
OleFlushClipboard
HICON_UserUnmarshal
CreateStdProgressIndicator
ReadClassStm
OleCreateFromFile
OleCreateEx
HICON_UserMarshal

oleacc

CreateStdAccessibleProxyW
AccessibleObjectFromPoint
WindowFromAccessibleObject
AccessibleObjectFromEvent
AccessibleChildren
LresultFromObject
GetRoleTextW
LIBID_Accessibility
DllCanUnloadNow

shlwapi

IsCharSpaceA
StrFormatByteSizeA
StrCmpLogicalW
SHRegCloseUSKey
SHRegGetPathW

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
GetClipboardSequenceNumber
EnumDisplaySettingsExA
CreateAcceleratorTableA
DdeCreateDataHandle
CreateDesktopA
MB_GetString

winmm

midiInUnprepareHeader
waveOutClose
midiInGetDevCapsW
mmGetCurrentTask
mciGetErrorStringA
WOWAppExit
joyGetDevCapsA
midiOutGetNumDevs
mixerGetLineInfoW

shell32

IsLFNDrive
DAD_DragEnterEx2
IsLFNDriveW
ExtractIconExW
SHSimpleIDListFromPath
Shell_NotifyIconA
SHShellFolderView_Message

gdiplus

GdipCreateFromHWND
GdipGetLineBlend
GdipSetAdjustableArrowCapFillState
GdipSetPathGradientTransform
GdipDrawClosedCurve2I
GdipDrawRectangleI
GdipGetPenUnit
GdipGetDpiY

msimg32

vSetDdrawflag
AlphaBlend
TransparentBlt

winspool.drv

AddFormA
DeletePrintProvidorW
FindClosePrinterChangeNotification
GetPrinterDataA
QuerySpoolMode
GetPrinterDriverDirectoryA
AdvancedDocumentPropertiesW
DeletePortA
DeletePrinterKeyW
AddPrinterDriverExA
DeletePrintProcessorA
WritePrinter
AddPrintProcessorA
AddPrintProvidorW

comdlg32

PrintDlgExA
ChooseFontA
dwOKSubclass
FindTextW
GetFileTitleW
GetSaveFileNameA
LoadAlterBitmap

oledlg

OleUIBusyW
OleUICanConvertOrActivateAs
OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIInsertObjectA

gdi32

ExtSelectClipRgn
STROBJ_bEnum
GetCharABCWidthsI
DdEntry32
RealizePalette
SetRectRgn
GetCharacterPlacementW
EngComputeGlyphSet
GetTextAlign

imagehlp

RemoveRelocations
SymFromAddr
SymUnloadModule64
SymGetModuleBase64
SymLoadModule
SymFindFileInPath
SymLoadModule64
SymGetSymPrev
ImageEnumerateCertificates

oleaut32

VarCyNeg
VarUI2FromR8
CreateDispTypeInfo
VariantCopyInd
VarI1FromUI1
GetRecordInfoFromGuids
VarTokenizeFormatString
VarBstrFromCy
LPSAFEARRAY_Size
OleLoadPictureFileEx

comctl32

ImageList_SetIconSize
DrawStatusTextW
ImageList_GetImageInfo
FlatSB_SetScrollProp
CreateToolbarEx
FlatSB_EnableScrollBar
DPA_DestroyCallback
ShowHideMenuCtl

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

WmiQueryAllDataMultipleA
SetEntriesInAuditListA
AccessCheckByTypeResultList
FlushTraceA
OpenEncryptedFileRawA
LsaICLookupNames
ReportEventW
MD5Init
LsaSetSystemAccessAccount

Exports

Exports

CreatePaint

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eebc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jgmo
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

Imports

kernel32

ole32

oleacc

shlwapi

user32

winmm

shell32

gdiplus

msimg32

winspool.drv

comdlg32

oledlg

gdi32

imagehlp

oleaut32

comctl32

version

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.data Size: 512B - Virtual size: 112B

.data Size: 512B - Virtual size: 4KB

.data Size: 1024B - Virtual size: 647B

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 71KB

.eebc Size: 296KB - Virtual size: 296KB

.jgmo Size: 8KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 187KB

.data
Size: 512B - Virtual size: 112B

.data
Size: 512B - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 647B

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 71KB

.eebc
Size: 296KB - Virtual size: 296KB

.jgmo
Size: 8KB - Virtual size: 8KB