4d62038ed16e5d347ae66be8907afb92

Sharing

Copy URL Twitter E-mail

General

Target

4d62038ed16e5d347ae66be8907afb92
Size

52KB
MD5

4d62038ed16e5d347ae66be8907afb92
SHA1

c23976bcd6947415abc7524573363353f7e15424
SHA256

7cbef3afaf2da38b095bec67cc6f716e16f32d6f44b47d4265e2d8f377a06614
SHA512

0a037f33ff171f32194dff1c688afa775c5384c9a863bc71d0bbdedc3b007d4c94e39c0ed17e3fee7e750bd8e3c727c60f9dfb5e0378ed1f9c303c68f7e61d3b
SSDEEP

768:eqDBMZNdziELBV7GM5BsMPcdMiQc32kXzmVkkrAUzH0XUX:zGViEL1Bs0iZNGTYX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d62038ed16e5d347ae66be8907afb92

Files

4d62038ed16e5d347ae66be8907afb92
.exe windows:4 windows x86 arch:x86

3de7c8df1092db1e74de057d63502c1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
CreateEventA
CreateMutexA
InitializeCriticalSection
RegisterServiceProcess
GetCurrentProcessId
LocalFree
OpenMutexA
Sleep
WaitForSingleObject
SetEvent
ReleaseMutex
WriteProfileStringA
lstrcatA
lstrcpyA
EnterCriticalSection
IsBadReadPtr
GetProcAddress
LoadLibraryA
GetProfileStringA
SetFilePointer
SetStdHandle
FlushFileBuffers
HeapAlloc
HeapFree
WriteFile
HeapCreate
GetStdHandle
GetFileType
SetHandleCount
lstrcmpiA
CloseHandle
LeaveCriticalSection
CreateThread
lstrcmpA
FreeLibrary
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
RtlUnwind
GetModuleFileNameA
GetVersion
GetCPInfo
GetOEMCP
ExitProcess
GetStartupInfoA
GetModuleHandleA
GetLastError
GetCommandLineA

user32

CreateWindowExA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
RegisterSystemThread
RegisterClassA
PostQuitMessage
DestroyWindow
DefWindowProcA

gdi32

ord104

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

spoolss

ReadPrinter
EnumPrintProcessorDatatypesA
GetPrintProcessorDirectoryA
EnumPrintProcessorsA
AddPrintProcessorA
ScheduleJob
DeletePrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDriverA
EnumPrinterDriversA
AddPrinterDriverA
GetPrinterA
SetPrinterA
DeletePrinterConnectionA
AddPrinterConnectionA
WaitForPrinterChange
SetPrinterDataA
GetPrinterDataA
GetJobA
SetJobA
EnumPrintersA
CallVSpoolerSignal
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
ChangeDefaultPrinter
ShutDownSpoolss
CheckNetAvailability
PrintShadowJobs
RespondToConfigChange
CheckNotSplSem
InitializeRouter
EnumPortsA
EnumJobsA
AddMonitorA
ConfigurePortA
PrinterMessageBoxA
AddPrintProvidorA
DeleteMonitorA
DeletePrintProcessorA
AbortPrinter
DeletePrintProvidorA
DeletePortA
DeletePrinter
ClosePrinter
AddPrinterA
AddPortA
EnumMonitorsA
AddJobA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3de7c8df1092db1e74de057d63502c1e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

spoolss

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 12KB - Virtual size: 12KB