c4a687bc29ce45858b3324fc43086b16119414d13180bcc5e47380ab77043878

Sharing

Copy URL

Twitter E-mail

General

Target

c4a687bc29ce45858b3324fc43086b16119414d13180bcc5e47380ab77043878
Size

301KB
MD5

369aad7d0673419f90ea88dd0189dd2d
SHA1

9189ec06db411d3f9e77f5f7ce0677529670943d
SHA256

c4a687bc29ce45858b3324fc43086b16119414d13180bcc5e47380ab77043878
SHA512

67a1f8825094c692515e6acf2e38fcfd86240c4a16bbb34e4c084032fec6eca03e37973f5b071a467cab1a4f5ac1bed9d19c635b2ee684c338e19a0487448235
SSDEEP

3072:tvikxL6IEIGe0fMEVkvPZpFcFQX98JuMPAswcVP7ReUIAxy2:ZxxL69tUEAhpFpNXcOUIA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
c4a687bc29ce45858b3324fc43086b16119414d13180bcc5e47380ab77043878

Files

c4a687bc29ce45858b3324fc43086b16119414d13180bcc5e47380ab77043878
.exe windows x86

d190e15225be7ab84d5a0dcd5de7d8b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameW
FindFirstChangeNotificationW
GetConsoleAliasesLengthW
PeekNamedPipe
SetEndOfFile
CancelWaitableTimer
CreateHardLinkA
FreeEnvironmentStringsA
GetTickCount
GetDateFormatA
ReadConsoleInputA
SizeofResource
GetFileAttributesW
FileTimeToSystemTime
CreateFileW
FindFirstFileA
GetLogicalDriveStringsA
GetLastError
SetLastError
GetProcAddress
AttachConsole
VirtualAlloc
BeginUpdateResourceW
LoadLibraryA
SetFileApisToANSI
FoldStringW
FoldStringA
GetModuleHandleA
GetShortPathNameW
SetCalendarInfoA
FindFirstVolumeW
ReadConsoleOutputCharacterW
LCMapStringW
WideCharToMultiByte
LCMapStringA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount

user32

GetMessageExtraInfo
LoadMenuA
DdeQueryStringW
GetKeyNameTextW
CharToOemBuffW
GetClassInfoExA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 31.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d190e15225be7ab84d5a0dcd5de7d8b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 160KB - Virtual size: 159KB

.data Size: 11KB - Virtual size: 31.8MB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 160KB - Virtual size: 159KB

.data
Size: 11KB - Virtual size: 31.8MB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 38KB - Virtual size: 38KB