42733ae30df17508f852ac1bbaafc044

Sharing

Copy URL Twitter E-mail

General

Target

42733ae30df17508f852ac1bbaafc044
Size

212KB
MD5

42733ae30df17508f852ac1bbaafc044
SHA1

cebd1c7d09a26634558a8dc19d8105c475cbce51
SHA256

cb76e9c765c5015f876c59b89e88d3be71c28c5105350eb7202ef404efe52630
SHA512

e77689fbd98fb5d8bb31c75ade94095319cd10a1e779c4013458dcb330707587d8e0375aafe063feca9e32caa7aebd1e2f2909659880876d9a63afa8adfaec5c
SSDEEP

6144:ztGOBvF2MUIAx4O6p7ja2NTl5dfIU07fh:zPFsIopW7ja2NTl5dfzup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42733ae30df17508f852ac1bbaafc044

Files

42733ae30df17508f852ac1bbaafc044
.exe windows:4 windows x86 arch:x86

f0291de02b0c8c7475394a83fe9fc8a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoCreateInstance

kernel32

DeleteCriticalSection
lstrcpyA
GetCurrentProcess
OpenProcess
GetExitCodeProcess
GetExitCodeThread
DuplicateHandle
CloseHandle
Sleep
GetProcAddress
CreateEventA
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
lstrlenA
GetWindowsDirectoryA
GetFileAttributesA
lstrcatA
CopyFileA
GetModuleFileNameA
DeleteFileA
WaitForSingleObject
CreateMutexA
ResumeThread
CreateThread
TerminateThread
FindResourceA
GetLocaleInfoA
lstrcpynA
LoadResource
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
GetCommandLineA
SizeofResource
IsDBCSLeadByte
GetACP
MultiByteToWideChar
RaiseException
InterlockedExchange
GetLastError
SetLastError
GetThreadLocale
GetModuleHandleA
LoadLibraryExA
GetVersionExA
GlobalSize
GlobalAlloc
GlobalFree
CreateFileA
WriteFile
FindResourceExA
LockResource
LoadLibraryA
CreateDirectoryA
GetTempPathA
GetVolumeInformationA
GetLocalTime
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
GetThreadContext
SetThreadContext
CreateProcessA
FlushInstructionCache
GetShortPathNameA
VirtualProtectEx
WriteProcessMemory
SetFilePointer
SetFileTime
ReadFile
GetFileTime
TerminateProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
VirtualFree
VirtualAlloc
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
GetFileAttributesExA
GetStartupInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
IsBadWritePtr
HeapSize
GetOEMCP
GetCPInfo
RtlUnwind
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
LocalFree
EnterCriticalSection
lstrcmpiA
lstrlenW
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
FreeLibrary
lstrcmpA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetTickCount
VirtualFreeEx

user32

MsgWaitForMultipleObjects
CharNextA
TranslateMessage
GetMessageA
SetTimer
IsChild
KillTimer
IsWindowEnabled
SetWinEventHook
wsprintfA
EnumWindows
GetWindowLongA
GetDesktopWindow
IsWindowVisible
GetWindowModuleFileNameA
GetWindowThreadProcessId
wvsprintfA
DispatchMessageA

advapi32

AdjustTokenPrivileges
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA

oleaut32

VarBstrCat
SysAllocStringByteLen
SysStringLen
VarUI4FromStr
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocString
SysAllocStringLen

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 84KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0291de02b0c8c7475394a83fe9fc8a5

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 84KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 512B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 84KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 512B

.reloc
Size: 12KB - Virtual size: 9KB