Static task
static1
Behavioral task
behavioral1
Sample
4fa09f7be8968b42d49cc006564d15eaa6effcd630b567beafc97302fbe0e054.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
4fa09f7be8968b42d49cc006564d15eaa6effcd630b567beafc97302fbe0e054.exe
Resource
win10v2004-20230703-en
General
-
Target
4fa09f7be8968b42d49cc006564d15eaa6effcd630b567beafc97302fbe0e054
-
Size
594KB
-
MD5
c4beaaaa5ffb5a9740e37f4147aba46f
-
SHA1
cda9b4eb12422232b1644cb8828e9d26621e89c3
-
SHA256
4fa09f7be8968b42d49cc006564d15eaa6effcd630b567beafc97302fbe0e054
-
SHA512
2f53420c97f7bf7cb2856bc9c3a0fe3e32617cf8d474abdc74dcd69b014d20df69954a2505f508b63e81ba1afbc0726aa92dadea1c422739f7aaada4687e0932
-
SSDEEP
6144:EoohJ400CgNAzBHjF0B3M+wMmILOUfJfq2238QxJ/cMF8T800OcbeRISxB:bY42dFHjFc8+wILOURfbu8S2MFm5pc9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Note: the absence of a signature is weak evidence on its own (a great deal of legitimate software is unsigned); treat it as context for the other indicators rather than a verdict.
resource 4fa09f7be8968b42d49cc006564d15eaa6effcd630b567beafc97302fbe0e054
Files
-
4fa09f7be8968b42d49cc006564d15eaa6effcd630b567beafc97302fbe0e054.exe windows x86
0e4ccab7b66248a1992488c1ceb39390
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (static import table; an imported name is not proof it is called at runtime — confirm against the behavioral tasks above. Taken together, the kernel32 resource APIs (FindResourceA/LoadResource/SizeofResource) next to GetTempPathA/CreateFileA/WriteFile/SetFileAttributesA/MoveFileA, and the advapi32 service (OpenSCManagerA/CreateServiceA/StartServiceA), registry (Reg*) and ACL/SID APIs, are consistent with an embedded resource being written to disk and installed as a service with adjusted permissions; this is inferred from the import table only and should be verified in the behavioral runs.)
kernel32
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent (caveat: this import is also pulled in by the MSVC CRT startup code, and the vcruntime140/api-ms-win-crt imports below indicate an MSVC build, so on its own it is not evidence of deliberate anti-debugging)
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
MoveFileA
FindResourceA
lstrlenA
lstrcatA
lstrcpyA
lstrcmpiA
SizeofResource
LoadResource
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeResource
GetSystemDirectoryA
GetTickCount
GetCurrentThreadId
ExitProcess
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
CloseHandle
GetTempPathA
WriteFile
SetFileTime
SetFilePointer
SetFileAttributesA
CreateFileA
ReadFile
LocalFileTimeToFileTime
GetFileAttributesA
DeleteFileA
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
user32
PostThreadMessageA
GetInputState
wsprintfA
GetMessageA
advapi32
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA
RegSetValueExA
RegSetKeySecurity
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA
LookupAccountNameA
GetFileSecurityA
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetAclInformation
GetAce
FreeSid
EqualSid
AllocateAndInitializeSid
AddAce
AddAccessAllowedAce
netapi32
NetUserGetLocalGroups
NetApiBufferFree
vcruntime140
__std_exception_destroy
__std_type_info_destroy_list
memset
memcpy
__std_exception_copy
_except_handler4_common
strchr
_CxxThrowException
__CxxFrameHandler3
api-ms-win-crt-string-l1-1-0
strncat
_strnicmp
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
realloc
_callnewh
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_register_thread_local_exe_atexit_callback
_crt_at_quick_exit
_controlfp_s
terminate
exit
_c_exit
_cexit
_seh_filter_exe
_initterm_e
_set_app_type
_exit
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (note: a writable code section is unusual for a standard MSVC build, where .text is read/execute only; W+X code is worth checking for in-place code modification or unpacking in the behavioral runs, though NX_COMPAT is set in the DLL characteristics)
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 467KB - Virtual size: 466KB (note: the resource section accounts for roughly 467KB of the 594KB file, which, together with the FindResourceA/LoadResource/SizeofResource imports, makes the resources the first place to look for an embedded payload — extract and hash them separately)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ