16c0e78044fc56a4eb3728a76a0ddf9e

Sharing

Copy URL Twitter E-mail

General

Target

16c0e78044fc56a4eb3728a76a0ddf9e
Size

295KB
MD5

16c0e78044fc56a4eb3728a76a0ddf9e
SHA1

31ec9859f4b84554eca77ac238a160fa2b32ad11
SHA256

75f06f217b359bd95f0d6995e69d59e6c2abf2d0f795ee35c2d40a6b6aba2a7a
SHA512

b26dad2f6def8db6a68f5fc51fdb2e9b87f14d992d2a3e6b48c9524ab25f3448d1fe58492f0cad0b257007e9245da8162f4b355be5866a6e91557a11d22e7dbc
SSDEEP

6144:YZCKaTh7OsVqK70vufUWZq+XyrxhkELlhMw80u43jY:YhdpYq+XeaEL3Mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c0e78044fc56a4eb3728a76a0ddf9e

Files

16c0e78044fc56a4eb3728a76a0ddf9e
.exe windows:4 windows x86 arch:x86

0a9a4a1fd97cf576bcceaf975bc13804

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
WaitForMultipleObjects
LCMapStringA
GetConsoleOutputCP
RtlUnwind
GetStringTypeW
FreeLibraryAndExitThread
GetCurrentProcess
GetOEMCP
VirtualAlloc
MultiByteToWideChar
IsValidCodePage
HeapReAlloc
GetLastError
LoadLibraryExW
GetEnvironmentStringsW
FreeEnvironmentStringsA
LeaveCriticalSection
GetModuleFileNameA
GetACP
GetStringTypeA
ExitProcess
GetCurrentThread
GetStdHandle
GetTimeZoneInformation
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
EnumSystemLocalesA
HeapDestroy
QueryPerformanceCounter
VirtualProtect
TlsAlloc
GetVersionExW
SetLastError
UnhandledExceptionFilter
EnterCriticalSection
HeapAlloc
GetLocaleInfoW
HeapFree
GetFileType
SetEnvironmentVariableA
GetCurrentProcessId
DeleteCriticalSection
GetSystemInfo
GetStartupInfoW
TlsGetValue
HeapCreate
CompareStringW
GetDateFormatA
GetTimeFormatA
FreeEnvironmentStringsW
IsBadWritePtr
TlsFree
GetComputerNameW
GetVersionExA
GetModuleHandleA
GlobalHandle
WriteFile
SetUnhandledExceptionFilter
GetCommandLineW
SetHandleCount
GetProfileSectionA
TryEnterCriticalSection
CompareStringA
GetUserDefaultLCID
GetProcAddress
GetEnvironmentStrings
GetLocaleInfoA
GetLongPathNameA
IsValidLocale
InterlockedExchange
HeapSize
WideCharToMultiByte
GetModuleFileNameW
VirtualQuery
VirtualFree
TlsSetValue
GetThreadPriority
LCMapStringW
GetCurrentThreadId
InitializeCriticalSection
GetNamedPipeHandleStateW
TerminateProcess
GetCommandLineA

wininet

RunOnceUrlCache
InternetDialA
InternetTimeFromSystemTimeW
InternetWriteFile
GetUrlCacheEntryInfoA
InternetUnlockRequestFile
HttpSendRequestW
InternetWriteFileExA
FtpSetCurrentDirectoryW
InternetGetCookieA

comdlg32

FindTextW
PrintDlgW
FindTextA
ReplaceTextW
GetOpenFileNameA

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a9a4a1fd97cf576bcceaf975bc13804

Headers

File Characteristics

Imports

kernel32

wininet

comdlg32

Sections

.text Size: 148KB - Virtual size: 148KB

.data Size: 139KB - Virtual size: 138KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 148KB - Virtual size: 148KB

.data
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 7KB - Virtual size: 6KB