72476540842bd54325c52c1e458d1005

Sharing

Copy URL Twitter E-mail

General

Target

72476540842bd54325c52c1e458d1005
Size

456KB
MD5

72476540842bd54325c52c1e458d1005
SHA1

09eb1eff21afcb34c493629c99e7b23785c46dcf
SHA256

18e120a73984b76a2d2f202a536ed012e44dfba1bb3d92887926da3bbb76761e
SHA512

02fdd735df75eaeff68eb57860538959c1d6a119520085d66db08aecf8273602ffa3de98e68610d5770d797f5a46efa2304ac7f692d845a30b98a53e6bdea7ef
SSDEEP

12288:8SafnKXTH6Ib7a9fQlNrIEekmJfsTzGIhyB34:8SafUTHRaSvvmNsTCIhw4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72476540842bd54325c52c1e458d1005

Files

72476540842bd54325c52c1e458d1005
.exe windows:4 windows x86 arch:x86

f0af45fe2c4d9aade870a2a459142c96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
ReleaseMutex
CreateMutexW
LocalAlloc
InterlockedDecrement
LocalFree
WritePrivateProfileSectionW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
FindFirstFileW
FindClose
lstrcmpW
FormatMessageW
GetFullPathNameW
FreeLibrary
InterlockedIncrement
GlobalLock
GlobalUnlock
lstrlenW
lstrcpyW
CompareStringW
GlobalAlloc
GlobalFree
OutputDebugStringA
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
DeleteFileW
ReadFile
WriteFile
CreateFileW
GetTempFileNameW
GetLongPathNameW
GetSystemDirectoryW
GetTempPathW
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapDestroy
SetThreadPriority
WaitForSingleObjectEx
QueueUserAPC
CreateEventW
CreateThread
CloseHandle
SetEvent
ResetEvent
Sleep
WaitForSingleObject
GetCommandLineA
lstrcmpiW
VirtualProtect
GetStartupInfoA

user32

GetWindowLongW
DefWindowProcW
MsgWaitForMultipleObjects
DispatchMessageW
UnregisterDeviceNotification
DestroyWindow
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
RegisterDeviceNotificationW
SetWindowLongW
TranslateMessage
MonitorFromPoint
GetDC
GetDlgItem
IsWindowVisible
GetWindowRect
LoadImageW
SendMessageW
MessageBoxW
LoadStringW
RegisterClipboardFormatW
GetFocus
SetFocus
GetParent
MapWindowPoints
InflateRect
GetSysColorBrush
FrameRect
GetSysColor
GetScrollInfo
IsWindowEnabled
ReleaseDC
PostMessageW
GetDlgCtrlID
DrawFocusRect

advapi32

GetSidLengthRequired
GetSidSubAuthority
SetTokenInformation
RegCloseKey
RegQueryValueExW
CreateProcessAsUserW
SetKernelObjectSecurity
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExW
SetServiceStatus
GetSecurityDescriptorLength
GetSecurityDescriptorControl
RegQueryInfoKeyW
ConvertSecurityDescriptorToStringSecurityDescriptorW
IsValidSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountSidW
IsValidSid
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
MakeSelfRelativeSD
InitializeSid

gdi32

SetBkColor
SetTextColor

ole32

CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
RpcAsyncCompleteCall
RpcServerUseProtseqW
RpcServerInqBindings
RpcBindingSetAuthInfoW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingSetOption
RpcBindingFree
RpcServerRegisterIfEx
RpcEpUnregister
RpcServerUnregisterIf
RpcEpRegisterW
RpcBindingVectorFree

msvcrt

__setusermatherr
__getmainargs
_acmdln
exit
_XcptFilter
_exit
wcscpy
_wcslwr
wcscmp
_wcsicmp
_CxxThrowException
wcslen
malloc
_wcsnicmp
wcschr
_adjust_fdiv
_wtol
wcsncpy
_wchdir
setlocale
wcscat
_wfindfirst
_findclose
vswprintf
_amsg_exit
_initterm
free
memset
wcsrchr
_except_handler3
memcpy
__p__fmode
__set_app_type
_controlfp
__p__commode

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 364KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0af45fe2c4d9aade870a2a459142c96

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 364KB - Virtual size: 725KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 364KB - Virtual size: 725KB

.rsrc
Size: 16KB - Virtual size: 13KB