4f92ceef0ff0878c041b866b1062475ea81e332d2846fd8f6d0946b71b528916

Sharing

Copy URL Twitter E-mail

General

Target

4f92ceef0ff0878c041b866b1062475ea81e332d2846fd8f6d0946b71b528916
Size

304KB
MD5

e94df35e9a46f36eb5f91e62a87aa1db
SHA1

08a008313bf1e70cc3dfce726935a31dbea94c67
SHA256

4f92ceef0ff0878c041b866b1062475ea81e332d2846fd8f6d0946b71b528916
SHA512

cae78c3b4e8682a4099a1c2ecbad154504f89e1c0b536e4cc71dc485250901dd3deb28ba851418b0c41ff5941a11c9356595623540494b875b57213c0a0c4108
SSDEEP

6144:Wn+uu/elYuCGMOUTckYjHAOEcKYqATfqGgEtid:tolYq/RLuc7qATfqGgEod

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f92ceef0ff0878c041b866b1062475ea81e332d2846fd8f6d0946b71b528916

Files

4f92ceef0ff0878c041b866b1062475ea81e332d2846fd8f6d0946b71b528916
.exe windows:6 windows x86

cfe177fb53af2cd2be13d61f764e2d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord190
ord16
ord70
ord171
ord125
ord115
ord48
ord8
ord141

kernel32

FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetVersionExW
VirtualQuery
FreeLibrary
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
FindResourceExW
LoadResource
LockResource
EnumResourceLanguagesW
GetUserDefaultLangID
WriteConsoleW
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindClose
GetProcAddress
GetModuleFileNameW
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
CloseHandle
WriteFile
CreateFileW
FormatMessageW
LocalFree
GetModuleHandleW
GetLastError
FindFirstFileExW
GetFullPathNameW
GetDriveTypeW
GetProcessHeap
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
GetModuleHandleExW
ExitProcess
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind

user32

ExitWindowsEx
MessageBoxW

advapi32

RegEnumKeyExW
InitiateSystemShutdownExW
RegQueryValueExW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegCloseKey

shell32

CommandLineToArgvW

mpr

WNetGetUserW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

NI_MetaToolbox_MetaOutput_GetSharedGlobalData

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfe177fb53af2cd2be13d61f764e2d40

Headers

DLL Characteristics

File Characteristics

Imports

msi

kernel32

user32

advapi32

shell32

mpr

wtsapi32

Exports

Exports

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 6KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 332B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 87KB - Virtual size: 87KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 332B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 87KB - Virtual size: 87KB