041c0b9c6ca67f01a01cd0968a8c31dd

Sharing

Copy URL

Twitter E-mail

General

Target

041c0b9c6ca67f01a01cd0968a8c31dd
Size

300KB
MD5

041c0b9c6ca67f01a01cd0968a8c31dd
SHA1

097a97a2064823b7d5c2cf921aac74f30eea8759
SHA256

20a6d8cb85902c063e8e1f5bf556ab06dc69b420c817741f576a867e10a6cbab
SHA512

21c04240887cfb21609b8bd7f1c18964270c421a940afba22b77990c014cedcdf8c48a9411bcb6ea989aaae7cd17a6714dfe61d116e2a97079b4d40ccf25472e
SSDEEP

3072:uEzTuJhQqylCHOjiLiX3ln1tjR5dU+qDjBNmpVUbbu0pVWdnu7YwM2pRHHW1a/0M:uTLkjnqXWp8pVkupxWcWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
041c0b9c6ca67f01a01cd0968a8c31dd

Files

041c0b9c6ca67f01a01cd0968a8c31dd
.exe windows:4 windows x86 arch:x86

f6043174b6b311bd0cc545918bcf4923

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawEx
ImageList_Draw
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_Destroy

shlwapi

PathFindExtensionW
PathRenameExtensionW
PathFileExistsW

ezi_http

?ezi_http_open_request_async@@YAHPAXPAPAXPADHPAPAUWININET_CB_CONTEXT@@K@Z
?ezi_http_add_request_headers@@YAHPAXPAD@Z
?ezi_http_send_request_async@@YAHPAX0KPAUWININET_CB_CONTEXT@@K@Z
?ezi_http_query_auth_status@@YAHPAXPAK@Z
?ezi_http_close_request_async@@YAHPAPAXPAPAUWININET_CB_CONTEXT@@@Z
?ezi_http_disconnect_internet_async@@YAHPAPAXPAPAUWININET_CB_CONTEXT@@@Z
?ezi_http_close_internet_async@@YAHPAPAX@Z
?ezi_http_free@@YAXPAPAX@Z
?ezi_http_open_internet_async@@YAHPAPAXPADP6GXPAXKK2K@Z@Z
?ezi_http_connect_internet_async@@YAHPAXPAPAXPAD22PAPAUWININET_CB_CONTEXT@@K@Z

ezi_zlib

?ezi_zlib_compress@@YAHPAD@Z

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLastError
SetLastError
lstrcpyW
MultiByteToWideChar
lstrcmpW
CreateProcessW
CloseHandle
GetTickCount
FormatMessageW
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
CreateFileW
InitializeCriticalSection
FlushFileBuffers
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
WriteFile
ExitProcess
HeapSize
GetLocaleInfoW
CreateFileA
GetTimeZoneInformation
CompareStringA
CompareStringW
WriteConsoleW
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
ReadFile
SetStdHandle
GetFileType
SetFilePointer
SetHandleCount
GetStdHandle
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetEnvironmentVariableA

user32

CheckDlgButton
EndDialog
ShowWindow
IsDlgButtonChecked
DialogBoxParamW
GetDesktopWindow
EnumPropsExW
EnumPropsW
RemovePropW
GetPropW
SetPropW
GetSystemMetrics
SetCursor
CallWindowProcW
LoadImageW
GetWindowTextW
DrawFocusRect
GetParent
SendMessageW
RedrawWindow
GetWindowLongW
SetWindowLongW
SendDlgItemMessageW
GetDlgItem
LoadCursorW
SetWindowTextW
DrawTextW

gdi32

GetStockObject
CreateFontIndirectW
SetTextColor
SetBkMode
SelectObject
DeleteObject

shell32

ShellExecuteW
CommandLineToArgvW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6043174b6b311bd0cc545918bcf4923

Headers

File Characteristics

Imports

comctl32

shlwapi

ezi_http

ezi_zlib

kernel32

user32

gdi32

shell32

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 160KB - Virtual size: 160KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 160KB - Virtual size: 160KB