da6b2e9e3958e2f5791da0894bb7c0419deac641bf3f08bb106723a765436325[.]exe

General

Target

da6b2e9e3958e2f5791da0894bb7c0419deac641bf3f08bb106723a765436325.exe
Size

167KB
MD5

0c35d7714d297def190d84145755afb5
SHA1

d9755ffade1769afc5138440f7c1260de9a3af16
SHA256

da6b2e9e3958e2f5791da0894bb7c0419deac641bf3f08bb106723a765436325
SHA512

f4fd9577166d0a0caa43da1f045c960622c72569ca9bce77633d2b59512d4e067fcf94ed38129f989913d4a5875eee96f1a8e27e6fa0f3c42de6373fa7350957
SSDEEP

3072:bpB8YWt7WK+Jrq8wlHPW4+1AOyhgAZEXhOBrB+KbmVFlQ/SpgcrSP8iBAoxbH:b78Bt7WKGwRPW4+1EmAiAVfwFaCFil

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
da6b2e9e3958e2f5791da0894bb7c0419deac641bf3f08bb106723a765436325.exe

Files

da6b2e9e3958e2f5791da0894bb7c0419deac641bf3f08bb106723a765436325.exe
.exe windows:5 windows x86 arch:x86

9b1278c7e110c89e49bb35fd63e918c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\rsqs\LrCiez\wdspioRn.pdb

Imports

user32

DefFrameProcW
IsCharAlphaNumericW
DrawFrameControl
AdjustWindowRectEx
DrawAnimatedRects
GetKeyState
EqualRect
GetMenuStringA
GetWindowTextA
TabbedTextOutW
PtInRect
IsChild

shlwapi

StrCmpNIW
UrlCompareA

comdlg32

ChooseFontW
GetSaveFileNameW
ChooseColorW
PrintDlgExW

msvcrt

exit

gdi32

SelectPalette
GetSystemPaletteUse
SetViewportOrgEx
RectVisible
SetRectRgn

comctl32

ImageList_Destroy
ImageList_Create

kernel32

CancelWaitableTimer
ExitProcess
LocalSize
GlobalAlloc
SetFileTime
GetTempFileNameW
FindClose
GlobalFree
Sleep
GetTickCount

ntdll

RtlInitUnicodeString

Exports

Exports

?aov_xUQZ_JX@@YGPAGEPAF@Z
?YehZG_ZIH@@YGNEE@Z
?FMZPodtsz_zzkgvyg@@YGJJ@Z
?o_sn_iN_Jt__qs_@@YGXMI@Z
?ZTEQJERDT_bt@@YGFH@Z
?M__F_BMP_B_LN_TVUP@@YGXD@Z

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b1278c7e110c89e49bb35fd63e918c7

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

comdlg32

msvcrt

gdi32

comctl32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.itext Size: 512B - Virtual size: 180B

.data Size: 149KB - Virtual size: 304KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.itext
Size: 512B - Virtual size: 180B

.data
Size: 149KB - Virtual size: 304KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB