0066de0a89bd9c7ad56c87b8bbc18792

Sharing

Copy URL Twitter E-mail

General

Target

0066de0a89bd9c7ad56c87b8bbc18792
Size

462KB
MD5

0066de0a89bd9c7ad56c87b8bbc18792
SHA1

aedb3946790bf076bfb0f94167c0d4962270d304
SHA256

c614dcfe44b344d7b561262f21bc9c11e7958ccd432a0582127edc4c0028ea4a
SHA512

a8c950219cf52947486b2fae1875c906c5b7e624fe727aea750a81afe4c64a42e513cd111715c73e7ca7501812c40636671de900378c75df9b325c9f44560976
SSDEEP

12288:ZwDP0m0PJyLhZbbM44XnNFCaoe1iYCZhibTC:i0m0ehZz4XN2Fni6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0066de0a89bd9c7ad56c87b8bbc18792

Files

0066de0a89bd9c7ad56c87b8bbc18792
.exe windows:4 windows x86 arch:x86

aeab6b4dde0a3a7395d088d6192df87b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
EnterCriticalSection
LCMapStringW
CompareStringA
RtlUnwind
GetUserDefaultLCID
LocalReAlloc
GetCurrentProcess
GetStdHandle
VirtualAlloc
SetConsoleCtrlHandler
IsValidLocale
HeapReAlloc
GetLocaleInfoA
LoadLibraryExW
GetLastError
GetACP
MultiByteToWideChar
GetModuleFileNameA
GetCommandLineA
GetTimeZoneInformation
ExitProcess
GetEnvironmentStrings
GetTimeFormatA
HeapDestroy
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
FreeLibrary
InterlockedDecrement
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAdjustment
SetLastError
TlsGetValue
FreeEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapFree
GetConsoleScreenBufferInfo
SetEnvironmentVariableA
GetCurrentProcessId
SetConsoleMode
GetVersionExA
GetStringTypeW
TlsAlloc
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStringsW
HeapCreate
GetCPInfo
IsValidCodePage
Sleep
UnmapViewOfFile
CompareStringW
GetModuleHandleA
CreateEventW
WriteFile
CreateThread
VirtualQueryEx
SetHandleCount
MoveFileW
GetLocaleInfoW
EnumSystemLocalesA
HeapSize
GetProcAddress
GetFileType
GetOEMCP
DeleteCriticalSection
LCMapStringA
InterlockedExchange
InterlockedIncrement
WideCharToMultiByte
GetStartupInfoA
VirtualQuery
TlsSetValue
TlsFree
VirtualFree
LeaveCriticalSection
GetCurrentThreadId
IsDebuggerPresent
OpenProcess
TerminateProcess
GetDateFormatA

advapi32

ReportEventA
RegDeleteValueA
LookupAccountNameA
RegConnectRegistryW
LookupSecurityDescriptorPartsW
InitializeSecurityDescriptor
LookupAccountSidW
RegQueryMultipleValuesA
CryptVerifySignatureA
LookupAccountSidA
RegQueryInfoKeyA
RegConnectRegistryA
CryptDestroyHash
CryptSetProvParam
CryptSetProviderA
RegQueryValueW
CryptGetProvParam
CryptReleaseContext
RegRestoreKeyA
CryptGenKey
RegDeleteValueW
RegCreateKeyExA
RegEnumKeyW

wininet

GetUrlCacheGroupAttributeA
CreateUrlCacheEntryA
InternetCanonicalizeUrlA
InternetCheckConnectionW
InternetErrorDlg
DeleteUrlCacheGroup
FindFirstUrlCacheGroup
GopherOpenFileW
FindNextUrlCacheContainerW
FtpGetFileEx
InternetDial
GetUrlCacheConfigInfoW
FindFirstUrlCacheContainerA
InternetOpenUrlW
InternetSetCookieA
FtpRenameFileA
FtpGetFileSize
InternetOpenW

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeab6b4dde0a3a7395d088d6192df87b

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

Sections

.text Size: 144KB - Virtual size: 143KB

.data Size: 312KB - Virtual size: 326KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 144KB - Virtual size: 143KB

.data
Size: 312KB - Virtual size: 326KB

.rsrc
Size: 5KB - Virtual size: 5KB