4c3354c4ea7d8ec5ab9ffc56dd92cdd0

Sharing

Copy URL Twitter E-mail

General

Target

4c3354c4ea7d8ec5ab9ffc56dd92cdd0
Size

408KB
MD5

4c3354c4ea7d8ec5ab9ffc56dd92cdd0
SHA1

cc6adf8db4f878339b2ebe7241b77a0f1c7513c1
SHA256

c18d435e38b9c4bd40759e0936a88f949489398101ec64db1f4a44bbe278ac69
SHA512

62a7aa44c49be0ee97850a63b3aca4b48226158ae7a9cc62297629f44c0da420106973fd8ee1c5b39b8b928b94d07e96b5ec2097ecde6d77eb55a7234cd32558
SSDEEP

6144:NkEftYkrHWjHuoHKcDyiv1kS5K+hWKeKZoVHYRkPt1FdMfWlJDbb:awtYkjWjHuqKKRv1aUQVHYiFauJD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3354c4ea7d8ec5ab9ffc56dd92cdd0

Files

4c3354c4ea7d8ec5ab9ffc56dd92cdd0
.exe windows:4 windows x86 arch:x86

2108e4b903bff44586cf3a43df42bcb0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetInstanceExplorer
RealShellExecuteExA
SHFileOperation
SHInvokePrinterCommandW
ShellExecuteExW

gdi32

GdiFlush
GetBoundsRect
LineDDA
EnumICMProfilesA
SetMetaRgn
gdiPlaySpoolStream
RectVisible
FloodFill
PolyTextOutW
PlayMetaFile
GetBitmapDimensionEx
PolyPolyline
RemoveFontResourceA
SetSystemPaletteUse
OffsetClipRgn
GetRandomRgn

comdlg32

GetFileTitleW
FindTextA
GetOpenFileNameW
ChooseFontW
ChooseColorA

advapi32

CryptReleaseContext
LookupPrivilegeValueW
RegNotifyChangeKeyValue
RegDeleteKeyW
LookupSecurityDescriptorPartsA
RevertToSelf
RegFlushKey

kernel32

SetHandleCount
SetVolumeLabelW
GetStdHandle
GetCommandLineA
HeapReAlloc
GetCurrentThreadId
EnumCalendarInfoA
SetVolumeLabelA
GetStartupInfoA
IsValidLocale
MultiByteToWideChar
LoadLibraryA
HeapCreate
HeapDestroy
GetTickCount
GetStartupInfoW
UnhandledExceptionFilter
EnumSystemLocalesA
GetEnvironmentStringsW
GetModuleHandleA
GetModuleFileNameA
ReleaseSemaphore
GetFileAttributesW
GetCurrentProcessId
SetSystemTime
TlsFree
GetPrivateProfileStringA
GetCurrentProcess
TlsSetValue
GetFileType
HeapFree
RtlMoveMemory
TlsAlloc
ExitProcess
FreeEnvironmentStringsW
GetModuleFileNameW
WaitCommEvent
DeleteCriticalSection
WriteFile
GetVersion
GetCommandLineW
LeaveCriticalSection
VirtualFree
GetCurrentThread
RtlUnwind
GetSystemTimeAsFileTime
GetEnvironmentStrings
GetSystemInfo
GetProcAddress
VirtualQuery
IsBadWritePtr
InitializeCriticalSection
GetSystemTimeAdjustment
EnterCriticalSection
TerminateProcess
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
InterlockedExchange
HeapAlloc
QueryPerformanceCounter
GetLastError
WriteConsoleOutputA
LocalCompact
TlsGetValue
VirtualAlloc
WritePrivateProfileSectionA
SetLastError

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2108e4b903bff44586cf3a43df42bcb0

Headers

File Characteristics

Imports

shell32

gdi32

comdlg32

advapi32

kernel32

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 266KB - Virtual size: 266KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 266KB - Virtual size: 266KB

.rsrc
Size: 6KB - Virtual size: 5KB