4ff52f5d9da2452cb51bf7bde99ee9be

Sharing

Copy URL Twitter E-mail

General

Target

4ff52f5d9da2452cb51bf7bde99ee9be
Size

438KB
MD5

4ff52f5d9da2452cb51bf7bde99ee9be
SHA1

f06855815f40b98e0f563ab5b9451bcf3ec22ac6
SHA256

c618959f035ad6307ba01d2169523c730e0cd6afe9c130631f42af2320d65a6e
SHA512

3cbefd5456fcb56b94434a7bdd18812fdb2f8e4c524f676cb30f0b85b03d1aac68d01474ab8d4778927c8211ca5f47292618a2375102d4dab60e0ac83898499f
SSDEEP

6144:SoKEPy2AkLULoG/bEBfsZ2zSaSgXu7Qp8XkFihr1bDQBj41pDkBHegp7:zKEPypzBbKdzSuXBpgr1bdegY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ff52f5d9da2452cb51bf7bde99ee9be

Files

4ff52f5d9da2452cb51bf7bde99ee9be
.exe windows:4 windows x86 arch:x86

031fd4907eaec6a437e7c0f4234d0281

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPolyFillMode
CreateMetaFileW
PolylineTo

advapi32

RegRestoreKeyW
RegSaveKeyA
RegEnumKeyExA
RegOpenKeyExA
LookupPrivilegeNameA
RegCreateKeyExA
RegReplaceKeyW
RegConnectRegistryW
InitiateSystemShutdownA
RegOpenKeyExW
CryptDecrypt
CryptGenKey
RevertToSelf
CryptReleaseContext
StartServiceW
LookupSecurityDescriptorPartsA

wininet

FindNextUrlCacheGroup
ShowClientAuthCerts
RetrieveUrlCacheEntryStreamA
FtpCreateDirectoryA
DeleteIE3Cache
InternetAlgIdToStringA
InternetShowSecurityInfoByURL

user32

RegisterClassA
CreateDesktopW
ExitWindowsEx
PostThreadMessageW
SendMessageA

kernel32

LeaveCriticalSection
FreeEnvironmentStringsW
TlsFree
GetModuleFileNameW
GetLocaleInfoW
GetDateFormatA
LocalReAlloc
GetTimeFormatA
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
HeapFree
IsValidLocale
lstrcmpW
SetLastError
GetLastError
SetEnvironmentVariableA
SetUnhandledExceptionFilter
SetHandleCount
WritePrivateProfileStringA
CompareStringA
WriteFile
GetStartupInfoA
EnterCriticalSection
DeleteCriticalSection
TlsAlloc
GetLocaleInfoA
MultiByteToWideChar
TlsGetValue
IsValidCodePage
GetStdHandle
RtlUnwind
GetProcAddress
GetCurrentProcessId
GetEnvironmentStringsW
InterlockedDecrement
InterlockedExchange
GetTimeZoneInformation
HeapDestroy
GetStringTypeA
GetCommandLineW
VirtualFree
GetStartupInfoW
GetFileType
GetOEMCP
GetModuleHandleW
QueryPerformanceCounter
ExitProcess
GetUserDefaultLCID
FreeLibrary
IsDebuggerPresent
UnhandledExceptionFilter
CompareStringW
VirtualQuery
LoadLibraryA
GetCurrentThreadId
VirtualAlloc
SetConsoleCtrlHandler
GetModuleHandleA
HeapCreate
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
GetStringTypeW
HeapSize
LCMapStringW
HeapReAlloc
TlsSetValue
TerminateProcess
HeapAlloc
Sleep
GetCurrentThread
GetCPInfo
InterlockedIncrement
LCMapStringA
EnumResourceLanguagesW
GetModuleFileNameA
GetACP

shell32

SHGetFileInfo
DragQueryFileA
DragQueryFile
ExtractAssociatedIconA
CommandLineToArgvW
SHLoadInProc
SHGetDesktopFolder
FindExecutableW

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

031fd4907eaec6a437e7c0f4234d0281

Headers

File Characteristics

Imports

gdi32

advapi32

wininet

user32

kernel32

shell32

Sections

.text Size: 117KB - Virtual size: 116KB

.data Size: 309KB - Virtual size: 309KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 117KB - Virtual size: 116KB

.data
Size: 309KB - Virtual size: 309KB

.rsrc
Size: 10KB - Virtual size: 10KB