04612a74afc999e49b407e81c3293b26

Sharing

Copy URL

Twitter E-mail

General

Target

04612a74afc999e49b407e81c3293b26
Size

432KB
MD5

04612a74afc999e49b407e81c3293b26
SHA1

4630352e4af11d244c0fc9b6cc74ee460ccfaa11
SHA256

c61bef880eb34fb70a8fd97c8b4732b5fe6c70308ef9e3f80b5c73f9abd8a9e6
SHA512

617b16f034e0077833fbb1f131c214e184b8515d0f75993884b36869dac6de9f2f2f8d11903c05b20aabeaae2206565629baab762fe79bbe73d838b7fb125c1a
SSDEEP

12288:DaLmdfxFX22VZile1DKVPtCEQxID2jE1G0BR:DI/817EiIajE1HBR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04612a74afc999e49b407e81c3293b26

Files

04612a74afc999e49b407e81c3293b26
.exe windows:4 windows x86 arch:x86

77a3fe595807e940806266059497a72f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetPathFromIDListA
FindExecutableA
ShellExecuteA
SHGetSettings
InternalExtractIconListA
DragAcceptFiles
SHBrowseForFolderA
SHGetFileInfo
FreeIconList
ShellHookProc
DoEnvironmentSubstW
SHFormatDrive
SHAppBarMessage
SHChangeNotify
DragQueryFileAorW
SHBrowseForFolder
ShellExecuteEx
SHGetPathFromIDListW
RealShellExecuteW
DoEnvironmentSubstA
SHGetSpecialFolderPathA
InternalExtractIconListW
DragFinish

comdlg32

PageSetupDlgA
GetFileTitleW
PrintDlgA
GetFileTitleA
ReplaceTextW
ReplaceTextA
GetSaveFileNameA
ChooseColorA
GetOpenFileNameW
ChooseColorW
GetOpenFileNameA
GetSaveFileNameW
ChooseFontA
LoadAlterBitmap

advapi32

RegLoadKeyA
RegReplaceKeyW
CryptGetDefaultProviderA
CryptSetHashParam
RegQueryValueExA
AbortSystemShutdownW
RegEnumKeyExA
CryptGenKey
CryptSetProviderW
CryptDuplicateKey
CryptSetProviderA
CryptHashData
RegCreateKeyExA
RegEnumValueA
CryptHashSessionKey
RegSaveKeyA
RegSetValueExW
LookupPrivilegeDisplayNameW
GetUserNameW
DuplicateTokenEx
CryptDuplicateHash
LookupAccountSidW
RegRestoreKeyW
StartServiceA
InitiateSystemShutdownA

wininet

CommitUrlCacheEntryA
InternetShowSecurityInfoByURL
InternetHangUp
SetUrlCacheEntryInfoW
GopherGetLocatorTypeA
InternetCanonicalizeUrlW
FindNextUrlCacheGroup
InternetWriteFileExA
InternetOpenUrlA
InternetSetCookieA
GopherOpenFileA
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetOpenA
InternetGetLastResponseInfoW
GetUrlCacheConfigInfoW
FindNextUrlCacheContainerW

kernel32

HeapSize
TerminateProcess
HeapCreate
GetCurrentThread
InterlockedExchange
GetStartupInfoA
RtlMoveMemory
GetTimeFormatA
GetStdHandle
CompareStringW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
QueryPerformanceCounter
FreeEnvironmentStringsW
GetCurrentThreadId
SetConsoleCtrlHandler
CreateWaitableTimerA
GetACP
GetStringTypeA
VirtualFree
GetFileAttributesExA
IsValidLocale
GetLocaleInfoW
GetStartupInfoW
DeleteCriticalSection
GetDateFormatA
HeapAlloc
CompareStringA
GetStringTypeW
EnterCriticalSection
GetModuleHandleW
InterlockedDecrement
RtlUnwind
GetModuleFileNameW
TlsGetValue
VirtualQuery
FreeLibrary
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
WideCharToMultiByte
IsValidCodePage
CreateMutexW
GetModuleFileNameA
GetSystemDirectoryA
SetConsoleWindowInfo
GetProfileIntA
LCMapStringA
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleA
GetTimeZoneInformation
LeaveCriticalSection
WriteFile
HeapDestroy
GetWindowsDirectoryA
SetStdHandle
GetLastError
HeapFree
HeapReAlloc
LocalCompact
TlsSetValue
LoadLibraryA
Sleep
IsBadWritePtr
LCMapStringW
SetLastError
TlsFree
ExitProcess
GetOEMCP
GetCommandLineW
GetUserDefaultLCID
MultiByteToWideChar
GetCurrentProcessId
LocalReAlloc
SetHandleCount
UnhandledExceptionFilter
GetEnvironmentStringsW
InterlockedIncrement
IsDebuggerPresent
GetProcAddress
WaitCommEvent
GetLocaleInfoA
TlsAlloc
GlobalGetAtomNameA
VirtualAlloc
GetCPInfo
GetFileType
GetVersionExW
WaitForDebugEvent

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77a3fe595807e940806266059497a72f

Headers

File Characteristics

Imports

shell32

comdlg32

advapi32

wininet

kernel32

Sections

.text Size: 117KB - Virtual size: 116KB

.data Size: 309KB - Virtual size: 333KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 117KB - Virtual size: 116KB

.data
Size: 309KB - Virtual size: 333KB

.rsrc
Size: 5KB - Virtual size: 4KB