82548cfb4bcfd01e546467cda82d6fda75577bc1567c19b9c4db486f1e95b471

Sharing

Copy URL Twitter E-mail

General

Target

82548cfb4bcfd01e546467cda82d6fda75577bc1567c19b9c4db486f1e95b471
Size

646KB
MD5

b4cb22e7bc7515ac03e2fd87c1bfda8f
SHA1

1a3f6ee7417aadf3e8eff415e7557b545002dc8c
SHA256

82548cfb4bcfd01e546467cda82d6fda75577bc1567c19b9c4db486f1e95b471
SHA512

fa8d004f689f9355f31919e9cf60fe718ea78ad81ff0f4a683c83a1656e32deb2ea0a5cf8ae3d7543ee60a2d86c8836b54ad99e9845271a570e36c18dd15de88
SSDEEP

12288:MwNLbTJrMB9emsZUOi0p5QLT4t8mfxIpZ:FLbTJYPsZm4emZID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82548cfb4bcfd01e546467cda82d6fda75577bc1567c19b9c4db486f1e95b471

Files

82548cfb4bcfd01e546467cda82d6fda75577bc1567c19b9c4db486f1e95b471
.exe windows:6 windows x86

29c969638b3748e0d5578d7a1a8e75cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
CreateFileW
FileTimeToSystemTime
GlobalAlloc
DeleteFileW
GlobalFree
CreateProcessW
GetFileTime
ReadFile
WriteFile
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetFileSize
GetCommandLineW
GetCurrentProcessId
OpenMutexW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
GetVersionExW
RaiseException
DecodePointer
DeleteCriticalSection
FlushFileBuffers
HeapFree
LocalAlloc
OutputDebugStringW
HeapAlloc
GetProcessHeap
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
SetEvent
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwind
ExitProcess
GetModuleHandleExW
ResumeThread
FreeLibraryAndExitThread
HeapReAlloc
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
HeapSize
GetConsoleCP
WriteConsoleW
SetEndOfFile
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
SetFileAttributesW
GetSystemDirectoryW
GetCurrentThreadId
GetFileAttributesW
GetTempPathW
GetModuleFileNameW
GetCurrentProcess
SetLastError
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObjectEx
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
GetExitCodeProcess
Sleep
WaitForSingleObject
GetStartupInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmDisableIME

wininet

InternetWriteFile
InternetCrackUrlA
HttpOpenRequestA
InternetCloseHandle
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW

user32

GetSystemMetrics
wsprintfW
SetRectEmpty

advapi32

CryptAcquireContextW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
GetTokenInformation
RegQueryValueExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
RegOpenKeyExW
OpenProcessToken
RegCloseKey
LookupAccountSidW
RegSetValueExW
RegCreateKeyExW
InitializeAcl

shell32

SHGetFolderPathW
ShellExecuteW

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29c969638b3748e0d5578d7a1a8e75cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

imm32

wininet

user32

advapi32

shell32

Sections

.text Size: 318KB - Virtual size: 318KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 10KB - Virtual size: 63KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 87KB - Virtual size: 88KB

.text
Size: 318KB - Virtual size: 318KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 10KB - Virtual size: 63KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 87KB - Virtual size: 88KB