00caa794866c636b8355c06632871ed0359b9c16dbbdd62ab77980005787dbdf

Sharing

Copy URL Twitter E-mail

General

Target

00caa794866c636b8355c06632871ed0359b9c16dbbdd62ab77980005787dbdf
Size

242KB
MD5

e544435721e9dc8c29a03fa29d2e43b3
SHA1

6155258a659a00885c6efb6882b925782402ef99
SHA256

00caa794866c636b8355c06632871ed0359b9c16dbbdd62ab77980005787dbdf
SHA512

75794f682cbf460c05320a5abe1e09a50ed1732de070a12ec2f97064ebb3ff4fcc84258d585c222ce90c417fb7fdd2926d42a0156aa8d63e44c8795a3a87464f
SSDEEP

6144:N0sZd/uqxzhlGIu9hVwp7+nN0IiFnMl0q51r7s1vsaf:NrZd/uqhhlGIubVK7+N0dtMvjM1vs0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00caa794866c636b8355c06632871ed0359b9c16dbbdd62ab77980005787dbdf

Files

00caa794866c636b8355c06632871ed0359b9c16dbbdd62ab77980005787dbdf
.exe windows:4 windows x86

b81790157d2d72a328d762a392740e30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lwrite
Module32Next
_lwrite
_lwrite
Module32Next
_lwrite

shell32

ExtractAssociatedIconW
DoEnvironmentSubstA
DragFinish
ExtractIconA
ord179

advapi32

ChangeServiceConfig2A
NotifyBootConfigStatus
LsaSetDomainInformationPolicy
AreAllAccessesGranted
RegEnumKeyExW
DecryptFileW
RegLoadKeyW
InitiateSystemShutdownW
RegFlushKey
RegEnumKeyExA
RegEnumKeyA
PrivilegeCheck
DecryptFileA

wininet

InternetGetLastResponseInfoA
RetrieveUrlCacheEntryFileW
FtpRemoveDirectoryW
GopherOpenFileW
HttpQueryInfoA
InternetCrackUrlA
FtpDeleteFileA
HttpAddRequestHeadersA
InternetCanonicalizeUrlW
FtpRenameFileW
SetUrlCacheEntryInfoA
FtpPutFileW
InternetWriteFile

msvcrt

qsort
strcpy
_acmdln
__getmainargs
_initterm
_controlfp
_rmtmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
exit

user32

EnableMenuItem
SetCursor
DrawTextA
FrameRect
SetWindowLongA
DefDlgProcA
CharLowerBuffA
LoadImageA
GetMessagePos
wvsprintfA
InvalidateRect
GetNextDlgGroupItem
GetMenu
DialogBoxParamA
TrackPopupMenu
RegisterClassA
SetForegroundWindow
InvalidateRgn
GetWindowTextA
GetClassNameA
SetDlgItemInt
GetKeyboardLayout
GetOpenClipboardWindow
GetClipCursor
CreateMenu
CharPrevA
GetMenuItemInfoA
DdeCreateDataHandle
GetAsyncKeyState
DdeFreeDataHandle
GetActiveWindow
LoadAcceleratorsA
CharLowerW
DrawIcon
SetTimer
GetMenuState
GetWindowTextLengthA
UpdateWindow
IsDialogMessageA
DeleteMenu
LoadStringW
GetKeyState
SystemParametersInfoA
LoadCursorW
ScreenToClient
GetMenuItemInfoW
GetWindowRect
ReleaseDC
GetDCEx
SetClassLongA
TranslateAcceleratorA
TrackPopupMenuEx
DispatchMessageA
GetCursorPos

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b81790157d2d72a328d762a392740e30

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

wininet

msvcrt

user32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 150KB

.rsrc Size: 152KB - Virtual size: 150KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 150KB

.rsrc
Size: 152KB - Virtual size: 150KB