508aa5c3004bee26836a4cd2f81cf56e22d7b6d9cf9dbb124a375880c16b8bde

Sharing

Copy URL

Twitter E-mail

General

Target

508aa5c3004bee26836a4cd2f81cf56e22d7b6d9cf9dbb124a375880c16b8bde
Size

182KB
MD5

da609639cd6b332859be2ef83572692b
SHA1

170b8aaaf252402369111bc90836abe17d123d58
SHA256

508aa5c3004bee26836a4cd2f81cf56e22d7b6d9cf9dbb124a375880c16b8bde
SHA512

323e976247969d4c6d85a88f5c970190786dbdeadd25aa866c43e217c6105de3c82e9453345d5e0d096df42df1f7d9f678701cc9efc2f42ce989814024592a16
SSDEEP

3072:ds4J1ymzfWOjnwGOn1UnfsofawcnZ6nf5MrAyIOJEWSfOuE6IGTm/nQ:dHJUEfo13FwuZo4JIHOu2G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
508aa5c3004bee26836a4cd2f81cf56e22d7b6d9cf9dbb124a375880c16b8bde

Files

508aa5c3004bee26836a4cd2f81cf56e22d7b6d9cf9dbb124a375880c16b8bde
.exe windows:4 windows x86 arch:x86

351db28aadf9605837e3e72405e92404

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

avifil32

AVISaveOptions
AVIMakeCompressedStream

advapi32

RegEnumKeyExW
RegSetValueW
RegCreateKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW

kernel32

Sleep
GetACP
GetTickCount
lstrcpynW
GetModuleHandleW
WaitForMultipleObjectsEx
CreateEventW
CloseHandle
GetCurrentThreadId
InterlockedExchange
EnterCriticalSection
SetEvent
InitializeCriticalSection
GlobalUnlock
GetProcessId
WaitForSingleObject
WideCharToMultiByte
MulDiv
GetFullPathNameW
InterlockedIncrement
InterlockedDecrement
GetDriveTypeW
lstrlenW
GetCurrentProcessId
CreateThread
EnumResourceTypesW
GetProcAddress
FileTimeToLocalFileTime
MultiByteToWideChar
LeaveCriticalSection
FreeLibrary
DisableThreadLibraryCalls
GlobalAlloc
FindFirstChangeNotificationW
GetSystemTimeAsFileTime
ExitProcess
ResetEvent
GetLastError
QueryPerformanceCounter
FindNextChangeNotification
DeleteCriticalSection
GlobalLock
lstrlenA
GetModuleFileNameA
GetThreadLocale
FindClose
FindFirstFileW
FindCloseChangeNotification
GetLocaleInfoA
GlobalReAlloc
FileTimeToSystemTime
GetVersionExW
GetVersionExA

ole32

OleUninitialize
StringFromGUID2
OleInitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

user32

FindWindowExW
GetSysColor
SetRectEmpty
DestroyMenu
ReleaseCapture
SetTimer
DrawFocusRect
IsWindowVisible
SetWindowLongW
SendMessageW
ShowScrollBar
EqualRect
UnionRect
FillRect
SetCapture
DefWindowProcW
SetForegroundWindow
GetCursorPos
GetWindowLongW
BringWindowToTop
GetSysColorBrush
GetClientRect
IsRectEmpty
InflateRect
GetParent
ScreenToClient
KillTimer
GetActiveWindow
DrawTextW
GetSystemMetrics
EnableWindow
IsWindow
ReleaseDC
SetCursor
SetFocus
PostMessageW
GetWindowRect
wsprintfW
IntersectRect
LoadCursorW
SetRect
ClientToScreen
PtInRect
CopyRect
FrameRect
GetDesktopWindow
CreatePopupMenu
LoadImageW
OffsetRect
UpdateWindow
TrackPopupMenuEx
GetDC
InvalidateRect

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351db28aadf9605837e3e72405e92404

Headers

File Characteristics

Imports

shell32

avifil32

advapi32

kernel32

ole32

user32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 75KB - Virtual size: 74KB

.tls Size: 1024B - Virtual size: 124KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 75KB - Virtual size: 74KB

.tls
Size: 1024B - Virtual size: 124KB