4de125607cc2e0dfac525cd11020cfed

Sharing

Copy URL Twitter E-mail

General

Target

4de125607cc2e0dfac525cd11020cfed
Size

210KB
MD5

4de125607cc2e0dfac525cd11020cfed
SHA1

b0589ab3f339deeec52cdd09fa532720b7fdb7c8
SHA256

e6e95cb23ebb9e160c0be067aeb405be2f54bb51f3113ab91faad74a4557cd60
SHA512

e088983a51242826711bf51ec44cfdd049552a04ed3887d23984fbea8f9fc363523d7e40597c4e13baf3fb3394bf5edcf6e244a46b913015ee11656efd56823e
SSDEEP

3072:cXoFfY0TZB8rDQjzawmKisy2MSQvWwra89+MfGamvqbiB5qqKtH/hKriRYYAYr+2:cXolewm3r79GamMiBMtJKrYYY+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4de125607cc2e0dfac525cd11020cfed

Files

4de125607cc2e0dfac525cd11020cfed
.exe windows:4 windows x86 arch:x86

e6e1fbe1cea52bf7afc302d30ff2bbb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFiber
LocalAlloc
IsDBCSLeadByte
GetFileAttributesA
GetFileType
GetVolumeInformationW
UnlockFile
SetCommConfig
GetSystemTime
SetEndOfFile
FlushFileBuffers
GetFileTime
EnumResourceNamesW
FileTimeToLocalFileTime
VerLanguageNameW
FlushFileBuffers
CompareStringW
SearchPathW
GetProfileStringW
FindResourceExA
FileTimeToSystemTime
LockFile
GetUserDefaultLangID
GetVersionExW
GetSystemDirectoryW

user32

MonitorFromWindow
ClipCursor
RegisterClassW
ChildWindowFromPoint
UnhookWindowsHookEx
SetClipboardData
DrawEdge
DestroyCursor
CallNextHookEx
SetWindowPos
IsClipboardFormatAvailable
DefWindowProcW
GetSysColorBrush
ToAscii
WinHelpW
DestroyIcon
SetWindowsHookExW
EmptyClipboard
SetScrollRange
GetSysColor

comdlg32

GetFileTitleA

shlwapi

PathCanonicalizeW
PathIsRootW
PathIsRelativeW
PathIsURLW
PathStripToRootW
PathCombineW

ole32

CoTaskMemFree
CoCreateGuid
RegisterDragDrop
RevokeDragDrop
OleRegGetUserType
CoGetClassObject
StgCreateDocfileOnILockBytes
OleDuplicateData
CoTaskMemAlloc
CLSIDFromString
CoFreeUnusedLibraries
GetHGlobalFromILockBytes
CreateStreamOnHGlobal
StringFromCLSID
ProgIDFromCLSID
CoGetMalloc
OleRun
CLSIDFromProgID
CoCreateInstance
OleGetAutoConvert
ReleaseStgMedium
StgOpenStorageOnILockBytes
GetHGlobalFromStream
CreateILockBytesOnHGlobal

comctl32

ImageList_Create
ImageList_GetIconSize
ImageList_Add
ImageList_DrawEx
ImageList_Destroy

rpcrt4

RpcStringBindingComposeA
RpcBindingSetAuthInfoA
NdrClientCall
RpcBindingFromStringBindingA
RpcStringFreeA

gdi32

SetTextColor
AnimatePalette
GetBitmapBits
SetStretchBltMode
ExtCreatePen
GetBkColor
CreateFontIndirectA
CreatePen
FlattenPath
StrokePath
RoundRect
GetPath
PlgBlt
PolyBezier
SetDIBits

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6e1fbe1cea52bf7afc302d30ff2bbb6

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

shlwapi

ole32

comctl32

rpcrt4

gdi32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 14KB - Virtual size: 14KB

.lib Size: 512B - Virtual size: 92KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 14KB - Virtual size: 14KB

.lib
Size: 512B - Virtual size: 92KB