4ebb3a6844ea349dc44cc5fde2802216

Sharing

Copy URL

Twitter E-mail

General

Target

4ebb3a6844ea349dc44cc5fde2802216
Size

198KB
MD5

4ebb3a6844ea349dc44cc5fde2802216
SHA1

61878631b8685b97caf7fa273468a5c5a7335ed4
SHA256

3e5c0b2a24b5195e7c40cfe3d1af022e3f1fd8c27e36235f47d1cd8882dbb70c
SHA512

ed7f831a14524c073729ff2d3b98ea258d0a5fefd86fde54d4772bc74a75160b58bdc8b1e2935522e4293de8435788a0caaeba91107bef4db158dacbf6066f73
SSDEEP

3072:aUJgICtj94+aY3pPVgKkUGhBti3Jg0otyesQK42yLFjxFd:aUantjvaYrgK0Bt2SHtLSwHL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ebb3a6844ea349dc44cc5fde2802216

Files

4ebb3a6844ea349dc44cc5fde2802216
.exe windows:4 windows x86 arch:x86

ab7e0fd8a3906872be6f769e6540c058

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
CreateEventA
GetModuleFileNameW
GetCommandLineA
MultiByteToWideChar
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrlenW
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceA
GlobalAlloc
GlobalUnlock
GlobalLock
DeleteCriticalSection
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetFileAttributesA
GetFileAttributesW
GetVersionExA
FindClose
FindNextFileW
FindFirstFileW
FindNextFileA
FindFirstFileA
lstrcpynA
MulDiv
WriteFile
SleepEx
CreateFileA
GetModuleHandleA
ResetEvent
GetCurrentThreadId
OutputDebugStringA
DebugBreak
lstrlenA
RemoveDirectoryA
InterlockedIncrement
WaitForMultipleObjects
GetTempFileNameA
GetTempPathA
CreateProcessA
WaitForSingleObject
CloseHandle
Sleep
DeleteFileA
SetEvent
InterlockedDecrement
ExpandEnvironmentStringsA
CreateDirectoryA
WideCharToMultiByte
GetStartupInfoA

user32

SetFocus
GetSysColor
CharUpperA
GetFocus
GetWindowTextA
SetWindowTextA
SetWindowLongA
GetWindow
GetWindowLongA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateDialogIndirectParamA
IsChild
PostThreadMessageA
ReleaseDC
GetDC
CallWindowProcA
SetWindowPos
GetWindowTextLengthA
GetDesktopWindow
GetDlgItem
IsWindowVisible
SendMessageA
CharNextA
wvsprintfA
LoadStringA
PostMessageA
LoadImageA
GetSystemMetrics
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyWindow
GetClientRect
MessageBoxA
CharLowerA
ShowWindow
EnableWindow
CreateWindowExA
wsprintfA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
IsWindow
BeginPaint
FillRect
GetWindowRect
EndPaint
IsDialogMessageA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SelectObject
GetObjectA
CreateFontIndirectA
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateSolidBrush
DPtoLP
SetBkColor

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathA
SHGetFolderPathW
ord680
SHAppBarMessage

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
LoadRegTypeLi
SysStringLen
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SysFreeString

comctl32

InitCommonControlsEx

msvcp60

?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z

wininet

InternetReadFile
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetCloseHandle

iphlpapi

GetAdaptersInfo

msvcrt

sscanf
strstr
ftell
realloc
strcpy
calloc
_wfopen
fseek
strlen
free
_purecall
strtok
_mbscmp
atoi
_ismbcdigit
_mbsstr
_mbsrchr
wcslen
memmove
memcpy
_beginthreadex
fopen
fread
fclose
memcmp
memset
strcat
strncpy
??2@YAPAXI@Z
__CxxFrameHandler
wcscmp
wcscat
wcscpy
strcmp
abs
_mbschr
_ismbcspace
strtoul
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
fwrite

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab7e0fd8a3906872be6f769e6540c058

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcp60

wininet

iphlpapi

msvcrt

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 21KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 21KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 8KB