47f62202693519477f6c273615bc64db

Sharing

Copy URL

Twitter E-mail

General

Target

47f62202693519477f6c273615bc64db
Size

6.9MB
MD5

47f62202693519477f6c273615bc64db
SHA1

4b0bc7d7de509f0ab0f1dd0107dc4e10e7a491ca
SHA256

f10925f8b48497761c863d748e690bb92321ef8b328bb597e8c76741ed8d56e2
SHA512

886e420c7fe12a983cacb32a0bb89139ef0bfcb8f59f7049b7ea3bc779328372bef037ffd48a34aa3f28e1e0b3432039a3674e9b2d6ad254e8f2a3c7ae74d6ab
SSDEEP

98304:XMrQ25ZRdtFnC9m4wbQpx2Wez72z7PcSU/r8QYKroPESWdZKqvNVjoFS8BBzRRpr:pNiTzoPETdZNv/KNBXpaZBbRH2wq1pn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f62202693519477f6c273615bc64db

Files

47f62202693519477f6c273615bc64db
.exe windows:6 windows x86 arch:x86

4f03247e8e2133cbc29da43042c8041e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation

kernel32

SetLastError
LocalFree
CloseHandle
GetCurrentThread
GlobalAlloc
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
MulDiv
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
WaitForSingleObject
CreateFileW
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetVersionExW
GetProcAddress
Sleep
RemoveDirectoryW
DeleteFileW
CreateEventW
SetEvent
GetCurrentProcessId
GetTempPathW
CreateDirectoryW
GetExitCodeProcess
LocalUnlock
LockResource
FormatMessageW
CreateMutexW
VerLanguageNameW
GetModuleHandleW
lstrlenW
GetCurrentProcess
FlushInstructionCache
GetLastError
LeaveCriticalSection
EnterCriticalSection
LoadResource
RaiseException
FindResourceExW
FindResourceW
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
RtlUnwind
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetOEMCP
GetCPInfo
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SizeofResource
LocalLock
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

gdi32

CreateCompatibleDC
GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
GetObjectW

user32

DispatchMessageA
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjects
IsRectEmpty
PeekMessageW
MessageBoxW
MapDialogRect
SetWindowContextHelpId
PostThreadMessageW
GetSystemMetrics
EndDialog
GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW
LoadIconW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
MoveWindow
CharNextW
GetSysColor
DefWindowProcW
GetKeyState
GetFocus
GetWindow
SystemParametersInfoW
MapWindowPoints
IsWindow
IsDialogMessageW
GetDlgItem
IsChild
SendDlgItemMessageW
GetNextDlgTabItem
EnableWindow
ShowWindow
ScreenToClient
GetClientRect
GetWindowRect
SetWindowPos
PostMessageW
PostQuitMessage
GetWindowLongW
CreateWindowExW
RegisterClassExW
SendMessageW
LoadCursorW
GetClassInfoExW
GetDlgCtrlID
GetParent
SetWindowLongW
DestroyWindow
GetDesktopWindow
UnregisterClassA

shell32

ord680
CommandLineToArgvW
SHAppBarMessage
ShellExecuteExW

ole32

CoUninitialize
CoQueryProxyBlanket
CoInitializeEx
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CoCopyProxy

oleaut32

VarBstrCmp
VariantClear
VariantInit
SafeArrayLock
SafeArrayUnlock
SysFreeString
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringLen
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
DispCallFunc
SysAllocString
VariantChangeType

rpcrt4

UuidFromStringW
UuidCreate

shlwapi

PathAppendW
PathAddBackslashW
PathFindFileNameW
PathCombineW

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrustEx
WTHelperProvDataFromStateData

crypt32

CertVerifyCertificateChainPolicy

userenv

UnloadUserProfile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f03247e8e2133cbc29da43042c8041e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

rpcrt4

shlwapi

wintrust

crypt32

userenv

version

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 18.8MB - Virtual size: 18.8MB

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 18.8MB - Virtual size: 18.8MB