42caf47a6d9bb10f093854e81e293dea

Sharing

Copy URL

Twitter E-mail

General

Target

42caf47a6d9bb10f093854e81e293dea
Size

545KB
MD5

42caf47a6d9bb10f093854e81e293dea
SHA1

f77a0ea07670ad1a5ecc560279bc137672c588ae
SHA256

2c502fc32a801f4e94b1dd8e3c3f39097618919130a4b392e14837130a6ac7a8
SHA512

8933af3366b0c94501388924923bf7791b59af2e5bf6f2704f5e33e842c0c1a543bbe02fa5450aae8af2fd6d14e0098935dc3de5d84bbd664b51119c71b875d0
SSDEEP

12288:ZJhIYV+P4x292bjlxE7e9Ms0p1uD6IyuP+hT/7kDL6Qzxd6Ly:j+PkHBp90zSjWRz6LL6Ly

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42caf47a6d9bb10f093854e81e293dea

Files

42caf47a6d9bb10f093854e81e293dea
.exe windows:5 windows x86 arch:x86

ed8e0bba9f7a0f15d39f33eb8cdcdf65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
HeapReAlloc
GlobalDeleteAtom
GetLocaleInfoA
EndUpdateResourceW
InterlockedIncrement
GetUserDefaultLCID
AddConsoleAliasW
SetEvent
GetSystemTimeAsFileTime
GetEnvironmentStrings
GlobalAlloc
ReadFileScatter
LeaveCriticalSection
GetFileAttributesA
WriteConsoleW
CreateActCtxA
FlushFileBuffers
GetProcAddress
RemoveDirectoryA
VerLanguageNameW
EnumResourceTypesW
GetModuleFileNameA
DebugSetProcessKillOnExit
GetModuleHandleA
EraseTape
FindFirstVolumeA
ReleaseMutex
GetCurrentProcessId
FindNextVolumeA
lstrcpyW
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
HeapSize
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CloseHandle
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEndOfFile
GetProcessHeap
ReadFile

Exports

Exports

@SetFirstVice@8

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed8e0bba9f7a0f15d39f33eb8cdcdf65

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 9KB - Virtual size: 48KB

.rsrc Size: 151KB - Virtual size: 151KB

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 9KB - Virtual size: 48KB

.rsrc
Size: 151KB - Virtual size: 151KB