4e80aa7b14a04649a7d319f829d1084cf4e0c5a380a7eda7435555d725186c63

Sharing

Copy URL Twitter E-mail

General

Target

4e80aa7b14a04649a7d319f829d1084cf4e0c5a380a7eda7435555d725186c63
Size

1012KB
MD5

3bd8ba7eec865d2a1137e23c986a6e38
SHA1

b5ea062803b5898ff1a4d2f77159646f3b6cea92
SHA256

4e80aa7b14a04649a7d319f829d1084cf4e0c5a380a7eda7435555d725186c63
SHA512

62439adb14349ddf0450db33af69718ed3682255db95e3b9cb9c9168856a6cfc2b5925d1f5a7d887fead2ab227798e972ed5455ec6a66a427370af1373a97d34
SSDEEP

24576:r29gG7zS7wsNHV4AuFDVGU1CgTtW9dVCeOtaX:MIZeDFDVGUN6JOgX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e80aa7b14a04649a7d319f829d1084cf4e0c5a380a7eda7435555d725186c63

Files

4e80aa7b14a04649a7d319f829d1084cf4e0c5a380a7eda7435555d725186c63
.exe windows:5 windows x86 arch:x86

668f9b7c10a2a9031ab006d392c53c7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FormatMessageW
GetCurrentThread
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
WaitNamedPipeW
PeekNamedPipe
ReadFile
GetTickCount64
CreateDirectoryW
OpenEventW
GetSystemWindowsDirectoryW
GetLocaleInfoW
SetEndOfFile
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
FlushFileBuffers
GetLocaleInfoA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
SetEvent
ExpandEnvironmentStringsA
WaitForMultipleObjects
FormatMessageA
SleepEx
VerSetConditionMask
VerifyVersionInfoA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapReAlloc
HeapCreate
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetACP
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateEventW
GetSystemTimeAsFileTime
Sleep
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
FindClose
TerminateProcess
MoveFileW
DeleteFileW
SetFileAttributesW
GetModuleHandleW
ReleaseMutex
CreateMutexA
GetVersionExW
LocalFree
LocalAlloc
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
FreeLibrary
GetOEMCP
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointer
CreateFileA
SetLastError
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualQuery
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
ResumeThread
SuspendThread
ExitThread
CreateThread
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
VirtualProtect
LoadLibraryW
GetProcAddress
GetTickCount
WaitForSingleObjectEx
GetFileType
TerminateThread
GetCurrentProcess
GetFileInformationByHandle

user32

IsWindow
DestroyWindow
GetWindowRect
ClientToScreen
SetCursorPos
GetClientRect
GetClassNameW
SetWindowPos
GetClassInfoW
LoadIconW
LoadCursorW
KillTimer
CreateWindowExW
GetPropW
SetPropW
BeginPaint
EndPaint
PostQuitMessage
ShowWindow
GetMessageW
SendMessageW
SetTimer
DefWindowProcW
PostMessageW
EnumChildWindows
UpdateWindow
DispatchMessageW
GetMenuStringW
GetMenuItemID
FindWindowW
wsprintfW
GetMenuItemCount
RegisterClassW
SetFocus
TranslateMessage

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegFlushKey
RegSetValueExW
RegCreateKeyExW
GetUserNameW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext

shell32

SHGetSpecialFolderPathW

ws2_32

ntohl
inet_ntoa
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
htonl
WSACleanup
WSAGetLastError
WSAStartup
connect
recv
send
closesocket
sendto
recvfrom
socket
setsockopt
inet_addr
htons
bind
getpeername
getsockopt
ntohs
getsockname
WSAIoctl
select
__WSAFDIsSet
WSASetLastError

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

wldap32

ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

668f9b7c10a2a9031ab006d392c53c7d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

iphlpapi

wininet

wldap32

rpcrt4

Sections

.text Size: 792KB - Virtual size: 792KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 32KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 48KB - Virtual size: 48KB

.text
Size: 792KB - Virtual size: 792KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 48KB - Virtual size: 48KB