045763e6ce6eb8c08c55ebd9e54f3cd3

Sharing

Copy URL Twitter E-mail

General

Target

045763e6ce6eb8c08c55ebd9e54f3cd3
Size

244KB
MD5

045763e6ce6eb8c08c55ebd9e54f3cd3
SHA1

fe3bd6ab851c70b3d8aadc7df2753db7fa91c5ac
SHA256

c63522f52a0333ad38f92e639e138174514b3391038782bcebdd0c19d6869598
SHA512

0e7efe6c5f8aed440b3b2dd6fec40dfafc6e0fd81ea1876b7885d642cb5d3f549081ac5c60e42dfb3943ebb22cf5b2fc2bf142d9c19b95b23990519f8b4d277e
SSDEEP

6144:dZi855mJYkdVym3gLoqVRZ1Iw4wl+l/MnAyyFj7V89bHwni0uyULj:Di855Vm3OoqVRZ1Iw4wwqAyHzZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
045763e6ce6eb8c08c55ebd9e54f3cd3

Files

045763e6ce6eb8c08c55ebd9e54f3cd3
.exe windows:4 windows x86 arch:x86

573eefe881a4634331a97e620bad92a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
OpenProcess
TerminateProcess
TerminateThread
Sleep
MulDiv
ExitProcess
GetLastError
LoadLibraryA
CreateThread
GetCurrentThreadId
CloseHandle
FreeResource
GetProcAddress
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
CreateFileA
WriteFile
CopyFileA
GetCommandLineA
GetExitCodeThread
HeapFree
GetModuleFileNameA
GetCPInfo
TlsGetValue
UnhandledExceptionFilter
TlsAlloc
SetLastError
LCMapStringW
LCMapStringA
TlsSetValue
SetStdHandle
GetFileType
MultiByteToWideChar
SetHandleCount
SetFilePointer
GetStdHandle
VirtualAlloc
InitializeCriticalSection
VirtualFree
DeleteCriticalSection
HeapDestroy
ReadFile
HeapCreate
GetStartupInfoA
GetModuleHandleA
GetVersion
HeapReAlloc
WideCharToMultiByte
HeapSize
InterlockedDecrement
GetLocalTime
InterlockedIncrement
GetTimeZoneInformation
CompareStringW
CompareStringA
SetEnvironmentVariableA
SizeofResource
SetEndOfFile
GetOEMCP
GetACP
EnterCriticalSection
GetEnvironmentStringsW
GetSystemTime
GetStringTypeW
GetStringTypeA
FlushFileBuffers
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LeaveCriticalSection
GetCurrentProcess
HeapAlloc

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

gdi32

SetBkMode
CreateFontA
GetDeviceCaps
CreateSolidBrush
GetStockObject
SelectObject

shell32

ShellExecuteA

user32

SetDlgItemTextA
GetClientRect
MessageBoxA
FindWindowA
EndDialog
SendDlgItemMessageA
PostMessageA
DialogBoxParamA
InvalidateRect
GetWindowTextA
GetWindowThreadProcessId
EnumWindows
DrawTextA
GetClassNameA
EndPaint
TranslateMessage
GetMessageA
RegisterClassA
DispatchMessageA
LoadCursorA
CreateWindowExA
wsprintfA
SystemParametersInfoA
GetDC
DestroyWindow
PostThreadMessageA
SendMessageA
ReleaseDC
GetDlgItem
SetWindowTextA
GetDlgItemTextA
SetTimer
BeginPaint
ShowWindow
DefWindowProcA
FillRect

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

gethostname
bind
listen
accept
WSACleanup
send
gethostbyname
WSAStartup
setsockopt
connect
recv
shutdown
socket
sendto
closesocket
ioctlsocket
htons

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

573eefe881a4634331a97e620bad92a3

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

shell32

user32

version

wsock32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 28KB - Virtual size: 220KB

.rsrc Size: 116KB - Virtual size: 114KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 28KB - Virtual size: 220KB

.rsrc
Size: 116KB - Virtual size: 114KB