Static task: static1
Behavioral task: behavioral1
  Sample: 4e0b2dda7a4d102e9523ab23603f8f18.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4e0b2dda7a4d102e9523ab23603f8f18.exe
  Resource: win10v2004-20231222-en
General
  Target: 4e0b2dda7a4d102e9523ab23603f8f18
  Size: 131KB
  MD5: 4e0b2dda7a4d102e9523ab23603f8f18
  SHA1: 1d9b715dc20a63e1a4be61d54b735abaaf1f7edb
  SHA256: 16d42832e376ce666a6c8166a70a31972d8c03b7b32ac6051ea2771d9f8b4591
  SHA512: 4a4877e85aa8503fdcb2af1249cb1a5aec5b62957224d42df61d52b64de370cbc2f8bbfdfbd9238a6e8adb0f52e26ebc2011bb5fb976982d3716fd4bc362b855
  SSDEEP: 3072:rF6ws7Z6qGqnK+Qfw6mvwlT8k95C5rDW+Bzyt1K2aWiKb:rF6ws7/Mw6mqgRyt1hb
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 4e0b2dda7a4d102e9523ab23603f8f18
Files
  4e0b2dda7a4d102e9523ab23603f8f18.exe  windows:5 windows x86 arch:x86
  aaa79f661811fd3010f73ecdb250073c
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32:
    VirtualFreeEx, Sleep, ReadProcessMemory, GetVersionExW, HeapDestroy, HeapCreate, Thread32Next, ReadFile,
    GetTimeZoneInformation, CreateFileW, MultiByteToWideChar, FlushFileBuffers, GetTempPathW, GetFileSizeEx,
    OpenMutexW, GetLastError, SetLastError, VirtualAlloc, VirtualProtectEx, VirtualAllocEx, FindClose, LoadLibraryA,
    SetNamedPipeHandleState, WaitForMultipleObjects, lstrcmpiW, FindNextFileW, CreateToolhelp32Snapshot, GetFileTime,
    ReleaseMutex, CloseHandle, FileTimeToLocalFileTime, GetProcessHeap, GetFileInformationByHandle,
    WideCharToMultiByte, SetFileAttributesW, CreateThread, ExpandEnvironmentStringsW, GetDriveTypeW, GetLogicalDrives,
    ExitThread, SetThreadPriority, CreateTimerQueueTimer, GetCommandLineA, CopyFileW, GetModuleFileNameW,
    Process32FirstW, Process32NextW, SetEvent, GetFileSize, SetFilePointer, GetExitCodeProcess,
    GetUserDefaultUILanguage, lstrcmpiA, GetPrivateProfileStringW, GetPrivateProfileIntW, GetThreadPriority,
    ConnectNamedPipe, CreateNamedPipeW, GetProcessTimes, DisconnectNamedPipe, lstrcatW, lstrcpyW, lstrcpyA,
    GlobalLock, GlobalUnlock, ResetEvent, MoveFileExW, VirtualFree, GetCurrentThread, GetTickCount, GetComputerNameW,
    Thread32First, OpenProcess, WriteFile, WaitNamedPipeW, VirtualQueryEx, SetFileTime, LocalFree, IsBadReadPtr,
    CreateDirectoryW, HeapFree, SetFilePointerEx, SystemTimeToFileTime, HeapAlloc, CreateProcessW, FreeLibrary,
    SetEndOfFile, GetNativeSystemInfo, FindFirstFileW, CreateMutexW, HeapReAlloc, GetTempFileNameW,
    FileTimeToDosDateTime, WriteProcessMemory, GetCurrentProcessId, CreateEventW, GetProcAddress, GetModuleHandleW,
    SetErrorMode, SetThreadContext, GetThreadContext, ExitProcess, GetSystemTime, EnterCriticalSection,
    LeaveCriticalSection, InitializeCriticalSection, DeleteFileW, WaitForSingleObject
  user32:
    OpenDesktopA, ExitWindowsEx, ToUnicode, GetClipboardData, GetKeyboardState, SetProcessWindowStation,
    CloseWindowStation, CloseDesktop, TranslateMessage, DispatchMessageW, PeekMessageW, CharLowerW, GetCursorPos,
    GetIconInfo, DrawIcon, LoadCursorW, GetWindowThreadProcessId, SetThreadDesktop, CharLowerBuffA,
    OpenWindowStationA, GetForegroundWindow, MsgWaitForMultipleObjects
  advapi32:
    AdjustTokenPrivileges, LookupPrivilegeValueW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl,
    InitializeSecurityDescriptor, CreateProcessAsUserW, RegQueryValueExW, CryptReleaseContext, RegCreateKeyExW,
    GetTokenInformation, GetSidSubAuthorityCount, OpenThreadToken, CryptAcquireContextW, GetSidSubAuthority,
    OpenProcessToken, CryptGetHashParam, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegCloseKey,
    RegSetValueExW, CryptHashData, RegSetValueExA, RegCreateKeyExA, RegDeleteValueW, RegEnumKeyExW, GetUserNameW,
    LookupAccountSidW, DuplicateTokenEx, RegOpenKeyExW, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl,
    CryptDestroyHash, CryptCreateHash
  shlwapi:
    StrCmpNIW, SHDeleteKeyA, StrStrIW, PathCombineW, wvnsprintfW, PathFindFileNameW, PathRemoveFileSpecW,
    PathMatchSpecW, wvnsprintfA, wnsprintfW, StrStrW, wnsprintfA, StrCmpNIA, StrStrIA
  shell32:
    SHGetSpecialFolderPathW, SHGetFolderPathW
  secur32:
    GetUserNameExW
  psapi:
    GetModuleFileNameExW
  ole32:
    CoUninitialize, CoCreateInstance, CoInitializeEx
  ws2_32:
    listen, send, freeaddrinfo, closesocket, WSASetLastError, WSASend, WSAGetLastError, WSAIoctl, getpeername,
    connect, WSAAddressToStringW, WSAStartup, recvfrom, getaddrinfo, select, getsockname, shutdown, setsockopt,
    sendto, recv, bind, accept, socket
  crypt32:
    CertDeleteCertificateFromStore, CertCloseStore, PFXImportCertStore, CertEnumCertificatesInStore,
    CertDuplicateCertificateContext, PFXExportCertStoreEx, CertOpenSystemStoreW
  wininet:
    InternetCrackUrlA, HttpAddRequestHeadersW, InternetSetStatusCallbackW, GetUrlCacheEntryInfoW, HttpSendRequestW,
    InternetReadFileExA, InternetQueryDataAvailable, HttpSendRequestExW, HttpSendRequestExA, InternetOpenUrlA,
    FindCloseUrlCache, FindFirstUrlCacheEntryW, FindNextUrlCacheEntryW, DeleteUrlCacheEntryW, InternetQueryOptionA,
    InternetCloseHandle, InternetOpenA, HttpSendRequestA, HttpOpenRequestA, InternetSetOptionA, InternetReadFile,
    InternetConnectA, HttpQueryInfoA, HttpAddRequestHeadersA, InternetGetCookieA
  oleaut32:
    VariantClear, VariantInit, SysFreeString, SysAllocString
Sections
  .text   Size: 86KB  Virtual size: 86KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .data   Size: 25KB  Virtual size: 25KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .reloc  Size: 4KB   Virtual size: 4KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
  .data1  Size: 3KB   Virtual size: 3KB   IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE