4b401690d39897a13faa9834723e86f2

Sharing

Copy URL Twitter E-mail

General

Target

4b401690d39897a13faa9834723e86f2
Size

143KB
MD5

4b401690d39897a13faa9834723e86f2
SHA1

c223f63603ca3e736bb2338c9fbca282b7efd254
SHA256

e2e8bf6b34e4fa40e648b077f5f51c7ad4a51f8b9283ae0b54393c9cf07b98d1
SHA512

8044d1bf676c7c767ed601326d6c1f6ce5afd8318bb72e34bdc539aafb1699258d2475e1404b736b8888804fe166279bcf37fda6f2a0544af4e729e13b63d787
SSDEEP

3072:017BJgrxGjY6FiTclnAUORx7QUwjoYLK6Kt2r:017BJXlW6oZ662

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b401690d39897a13faa9834723e86f2

Files

4b401690d39897a13faa9834723e86f2
.exe windows:5 windows x86 arch:x86

f5870f5c6f04db0136b5f802f321e656

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
ExitThread
GetDriveTypeW
lstrcpyW
GetProcessHeap
VirtualAlloc
GetVersionExA
LocalFileTimeToFileTime
VirtualProtect
SetHandleCount
DeleteFileW
HeapReAlloc
GetProcAddress
GetComputerNameA
SystemTimeToFileTime
WriteFileGather
GetTempPathA
GlobalSize
CreateFileW
VirtualFree
FormatMessageW
GetNumberFormatW
GlobalAlloc
SetErrorMode
WaitForSingleObject
WriteFileEx
DeleteTimerQueueTimer
ReleaseMutex
CreateEventA
OutputDebugStringA
lstrcmpW
DeleteCriticalSection
LoadLibraryW
GetModuleHandleA

msvcrt

memset
malloc
_wcmdln
exit
_onexit
fprintf
strpbrk
_exit
wcstok
_CxxThrowException
_controlfp
wcsrchr
__setusermatherr
_wcsnicmp
memmove

user32

wsprintfA
DrawTextW
IsWindowEnabled
PostMessageW
PostThreadMessageW
DrawEdge
GetProcessWindowStation
GetMessageW
FillRect
IntersectRect
DefDlgProcW
MsgWaitForMultipleObjects
LoadCursorW
CopyRect
UnregisterClassW
SetDlgItemInt
EnableWindow
RegisterWindowMessageW
SendDlgItemMessageW
FrameRect
RegisterClassW
SystemParametersInfoA
CreateDialogParamW
SetWindowTextA
GetSystemMenu

gdi32

RealizePalette
CreatePen
GetObjectA
SetWindowExtEx
StretchBlt
SetTextAlign
SetStretchBltMode
CreateBitmap
CreateRoundRectRgn
DeleteDC
DeleteObject
GetTextExtentPointW
CreateCompatibleDC
SelectPalette
GetRegionData
ExtTextOutW
CreateCompatibleBitmap
MoveToEx
Rectangle
GetTextMetricsW
SelectObject

tapi32

lineGetIDW
lineCompleteCall
tapiRequestMediaCallA
phoneGetLamp
lineAddProviderW
lineSetAgentMeasurementPeriod
MMCInitialize
phoneShutdown

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5870f5c6f04db0136b5f802f321e656

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 36B

.data Size: 51KB - Virtual size: 51KB

.edata Size: 39KB - Virtual size: 38KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 142B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 36B

.data
Size: 51KB - Virtual size: 51KB

.edata
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 142B