4297e3c519f770406d67d9a7ecf0e186

Sharing

Copy URL Twitter E-mail

General

Target

4297e3c519f770406d67d9a7ecf0e186
Size

265KB
MD5

4297e3c519f770406d67d9a7ecf0e186
SHA1

ede965895241ca2540994c866538c697002ab6ef
SHA256

e105d1daf192f864e5bdc0eb0722670b869b00b1b7afc9ffe76f8cbe4add43fc
SHA512

196b69928b27ecb24d861d338c29f8c030eda915c591575fb5f10d31361f7978312d22b6a3c663a11b98d78a3035d20ac5de16f4aad3c444dbbadc23f80f93c5
SSDEEP

6144:6X2A9oKhjY9k2dsxLAnjP1iAmtUe2QWng6A1ZAa:6lr0ktLQjAAmOHg6QAa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4297e3c519f770406d67d9a7ecf0e186

Files

4297e3c519f770406d67d9a7ecf0e186
.exe windows:4 windows x86 arch:x86

6fa01014b6dff9f206c7ab34949f693c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHBindToParent

user32

DestroyMenu
LoadStringW
GetSubMenu
CreatePopupMenu
MessageBoxW
CharNextW
SetCursor
LoadCursorW
InsertMenuW
SetMenuDefaultItem
GetMenuItemCount
DeleteMenu
SetWindowTextW
SendMessageW
InsertMenuItemW
RegisterClipboardFormatW
GetMenuItemInfoW
RemoveMenu
LoadMenuW

advapi32

CreateServiceW
CancelOverlappedAccess
CredRenameW
BuildTrusteeWithNameA
ControlTraceA
ConvertSidToStringSidA

kernel32

FreeLibrary
CreateFileW
GlobalAlloc
GlobalHandle
QueryPerformanceCounter
SetThreadPriority
lstrlenA
GetWindowsDirectoryW
InterlockedIncrement
GetTempPathW
GetProcAddress
lstrcpynA
InterlockedDecrement
GetSystemDirectoryW
GetModuleFileNameW
GetTickCount
LoadLibraryW
GetCurrentProcessId
lstrcmpiW
_llseek
LocalAlloc
GlobalLock
GetStartupInfoA
lstrcmpW
GetShortPathNameW
LocalFree
GlobalFree
TerminateProcess
LocalFileTimeToFileTime
GetCurrentThreadId
_lwrite
lstrcpynW
GetCurrentThread
lstrlenW
_lread
SetUnhandledExceptionFilter
GetTempFileNameW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GlobalUnlock
_lclose
GetModuleHandleW
GetVersionExW
DosDateTimeToFileTime

rpcrt4

RpcStringFreeW

ole32

CoInitializeEx
ReleaseStgMedium
OleSetClipboard
CoCreateInstance
CoTaskMemFree
CoUninitialize

shlwapi

PathFindFileNameW
StrRetToBufW
PathAppendW
PathCombineW
wnsprintfW
StrCmpNW
SHStrDupW
PathAddBackslashA
StrFormatKBSizeW
StrCpyNW
PathFindFileNameA

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege
RtlAddAce

msvcrt

malloc
memmove
_initterm
free
_except_handler3
_adjust_fdiv

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 220KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fa01014b6dff9f206c7ab34949f693c

Headers

File Characteristics

Imports

shell32

user32

advapi32

kernel32

rpcrt4

ole32

shlwapi

ntdll

msvcrt

Sections

.text Size: 118KB - Virtual size: 118KB

.rsrc Size: 36KB - Virtual size: 35KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 220KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 118KB - Virtual size: 118KB

.rsrc
Size: 36KB - Virtual size: 35KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 220KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 36B