7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195

Sharing

Copy URL

Twitter E-mail

General

Target

7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
Size

152KB
MD5

6164228ed2cc0eceba9ce1828d87d827
SHA1

cea5bc473c948a78ce565b6e195e6e25f029c0c6
SHA256

7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
SHA512

b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37
SSDEEP

3072:VqD/ri6AM4odK4J663POAQgG8rYKvh+5Nl:V0xlIBwPOA+8Zhu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195

Files

7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
.exe windows:5 windows x86 arch:x86

33c644f9a2df0250eacdf63aa0ff8cca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k27W.pdb

Imports

kernel32

IsValidLanguageGroup
GetUserDefaultLangID
GetThreadLocale
VirtualProtectEx
OpenSemaphoreA
GetCurrentProcessId
LocalLock
GetModuleFileNameA
GetBinaryTypeA
lstrlenA
GlobalDeleteAtom
GetLocaleInfoA
GetCurrentProcess
GetCommandLineW
DefineDosDeviceW
LocalSize
GetProcessWorkingSetSize
WritePrivateProfileStructW
GetComputerNameA
GetCompressedFileSizeA
GetPrivateProfileSectionNamesA
GetCurrentThread
GetModuleHandleW

clusapi

GetClusterResourceNetworkName

advapi32

FindFirstFreeAce

msvcrt

tolower
strcspn
setvbuf
strcmp

winspool.drv

GetPrinterDataExW

gdi32

GetMapMode
GetDIBColorTable
GetTextFaceW
RemoveFontResourceA
GdiComment
GetTextExtentPoint32A
GetLayout

powrprof

IsPwrHibernateAllowed

mscms

GetStandardColorSpaceProfileW

user32

IsWindow
GetWindowTextW
GetClientRect
DeregisterShellHookWindow
GetClassInfoExW
DefWindowProcW
GetWindowPlacement
DialogBoxParamW
InsertMenuItemW
GetSysColor
DrawStateW
GetDC
MessageBoxIndirectA
GetClipboardFormatNameW
EnumWindows
GetKeyboardLayoutNameW
GetUserObjectInformationW
LoadMenuIndirectA

wininet

FindNextUrlCacheGroup
DeleteUrlCacheEntryW

shlwapi

GetMenuPosFromID

oleaut32

GetErrorInfo

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.codu
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33c644f9a2df0250eacdf63aa0ff8cca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

clusapi

advapi32

msvcrt

winspool.drv

gdi32

powrprof

mscms

user32

wininet

shlwapi

oleaut32

Sections

.text Size: 4KB - Virtual size: 3KB

.codu Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 68KB - Virtual size: 101KB

.crt0 Size: 60KB - Virtual size: 57KB

.reloc Size: 4KB - Virtual size: 392B

.text
Size: 4KB - Virtual size: 3KB

.codu
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 68KB - Virtual size: 101KB

.crt0
Size: 60KB - Virtual size: 57KB

.reloc
Size: 4KB - Virtual size: 392B