117b5c736180344d42c05c8d2e321f0a

Sharing

Copy URL

Twitter E-mail

General

Target

117b5c736180344d42c05c8d2e321f0a
Size

120KB
MD5

117b5c736180344d42c05c8d2e321f0a
SHA1

f43568eed7550b326f1630a478802be4cec94842
SHA256

6df36cff07a6b5e3da92d65093a27da77e11a7176553547df0c97e1c908abf99
SHA512

97002e94952f6e599e6ff738fa49ff6c21e5a74e38d2c6e4e69a115c29e25a71640d24829242a4f091406a446700aa0c01adcbc0ba6fa3cdaa84bb9f40bb9df9
SSDEEP

1536:dRaYfD50cWIwhPxUCAufAewPyTx+nTTv2I27Z8YA2PPO4VtQNIhU3E:n4PxUjoAewbC8uPPO4VtwIhUU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
117b5c736180344d42c05c8d2e321f0a

Files

117b5c736180344d42c05c8d2e321f0a
.exe windows:4 windows x86 arch:x86

d6130eb588aee78b0ab1804afc7592e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32First
TerminateProcess
CreateWaitableTimerA
SetWaitableTimer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CreateDirectoryA
GetModuleFileNameA
CopyFileA
SetFileAttributesA
WriteFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetVersionExA
Process32Next
SetFilePointer
ReadFile
DeleteFileA
GetEnvironmentVariableA
MoveFileA
FlushFileBuffers
SetStdHandle
CloseHandle
Process32First
CreateToolhelp32Snapshot
Sleep
GetCurrentProcess
DuplicateHandle
OpenProcess
GetCurrentProcessId
GetFileSize
CreateFileA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
RaiseException
VirtualAlloc
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetVersion
GetCommandLineA

user32

DispatchMessageA
PeekMessageA
MessageBoxA
PostMessageA
GetMessageA
wsprintfA
GetInputState
TranslateMessage
MsgWaitForMultipleObjects
EnumChildWindows
GetWindowTextA

advapi32

LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

shlwapi

PathFindFileNameA
PathFileExistsA

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetSetCookieA
InternetOpenA
HttpQueryInfoA

oleaut32

SafeArrayGetDim
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
LoadTypeLi
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6130eb588aee78b0ab1804afc7592e2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

wininet

oleaut32

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 79KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 79KB