4ed78a917ceddca96af72616dc868453

Sharing

Copy URL Twitter E-mail

General

Target

4ed78a917ceddca96af72616dc868453
Size

60KB
MD5

4ed78a917ceddca96af72616dc868453
SHA1

7c6f9597c035dcf4ba5953c5c7e2a0a9583635e6
SHA256

783ae05e0730c77ecc39cdf971413c250de6a2872ca717f1fe2aa349d4560b69
SHA512

d925c1933eefd7d943d5f46ea033f5288b9d2f4d11e8871ff962ebd5d2e537e6eaefd33af78b051dec4bd2f0c1303e04d5706d6bb81cebaa05b7103852514811
SSDEEP

768:NpGhAHIU4NuqCi+04vGFJY2ONdaq3D4Gt4gi1xg8B:EU4rY0BJzsUI4GtliA8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ed78a917ceddca96af72616dc868453

Files

4ed78a917ceddca96af72616dc868453
.exe windows:4 windows x86 arch:x86

e7a66888fccff9ca9d066e50650584e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mso97

ord844
ord535
ord580
ord20
ord395
ord690
ord821
ord589
ord406
ord322
ord629
ord630
ord923
ord304
ord884
ord877
ord930
ord639
ord413
ord796
ord881
ord883
ord425
ord670
ord929
ord925
ord887
ord931
ord295
ord448
ord12
ord394
ord894
ord880
ord783
ord663
ord321
ord551
ord540
ord815
ord933
ord817
ord833
ord652
ord726
ord270
ord499
ord878

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueA
RegEnumValueA

gdi32

CreateFontIndirectA
GetDeviceCaps
GetStockObject
DeleteObject
ExtTextOutW
SelectObject
SelectPalette
RealizePalette

kernel32

GetCurrentDirectoryA
lstrcatA
OpenFile
ReadFile
CloseHandle
FindFirstFileA
FindClose
GlobalSize
lstrcpyA
GetVersion
WinExec
GlobalHandle
GetModuleFileNameA
lstrlenA
SetCurrentDirectoryA
GetTempFileNameA
MultiByteToWideChar
GetTempPathA
MulDiv
InterlockedDecrement
DeleteFileA
LocalAlloc
LocalFree
InterlockedIncrement
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GlobalUnlock
GlobalFree
GlobalLock
GetCommandLineA
IsDBCSLeadByte
GetLastError
GetModuleHandleA
ExitProcess
GetStartupInfoA
Sleep

ole32

CoInitialize
CoRegisterClassObject
StgCreateDocfile
CreateFileMoniker
GetRunningObjectTable
CoUninitialize
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject

user32

ReuseDDElParam
WinHelpA
EnumWindows
LoadCursorA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeQueryConvInfo
DdeFreeStringHandle
DispatchMessageA
TranslateMessage
GetMessageA
DestroyWindow
FreeDDElParam
UnpackDDElParam
PostMessageA
PackDDElParam
SendMessageA
DrawMenuBar
DeleteMenu
GetMenuItemCount
GetSystemMenu
CreateWindowExA
GetSystemMetrics
FindWindowA
RegisterClassExA
DdeUninitialize
LoadIconA
ReleaseDC
GetDC
DefWindowProcA
GetParent
DdeClientTransaction
PostQuitMessage
DdeDisconnect
GetActiveWindow
EnableWindow
GetClassNameA
GetWindowThreadProcessId
SetFocus
SetActiveWindow
IsIconic
UnregisterClassA
RegisterClassA
SetForegroundWindow
ShowWindow
GetDesktopWindow
SystemParametersInfoA
MessageBoxA
MessageBeep

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

FindExecutableA

osaintl

_HinstIntl@0

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 196B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7a66888fccff9ca9d066e50650584e1

Headers

File Characteristics

Imports

mso97

advapi32

gdi32

kernel32

ole32

user32

version

shell32

osaintl

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 196B - Virtual size: 196B

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 196B - Virtual size: 196B

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 1KB - Virtual size: 1KB