78fcda46a865aa2d132f8bf97a9b4721

Sharing

Copy URL Twitter E-mail

General

Target

78fcda46a865aa2d132f8bf97a9b4721
Size

455KB
MD5

78fcda46a865aa2d132f8bf97a9b4721
SHA1

3e485e8cdcb620ed0950ac1467a12940677bd13d
SHA256

7ddcda258337c09a6cba544c8c8b71c2b037bac82be73bc406ddfd4f5d519e11
SHA512

1f86572c7a2f720b329ac817161f4c4b750f9c06fe61760422cb9358c4898da1489a39c81610aa658ca85b959aa1fb1846f3646280c5bfcc5d0ff3ef42f1c89a
SSDEEP

12288:qtzz1L+Af/WL7UWmr4t1y5O6U2bGFKkm1Hvc+DU87g3e5E18:azALhKU2bGEkm18Y4e5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78fcda46a865aa2d132f8bf97a9b4721

Files

78fcda46a865aa2d132f8bf97a9b4721
.exe windows:4 windows x86 arch:x86

e6001f0346f55a1843bfd86a2630dd7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

FindTextA
GetFileTitleA

gdi32

PlgBlt
DeleteEnhMetaFile
ExtTextOutA
SetPixelV
PtVisible
GetCharABCWidthsW
SetTextAlign
StretchDIBits

shell32

RealShellExecuteA
SHBrowseForFolderW
DragFinish
ShellExecuteExW
SHGetDiskFreeSpaceA
SHChangeNotify
SHGetNewLinkInfo
SHGetPathFromIDListA

advapi32

CryptDecrypt
RegOpenKeyExA
CryptSetProviderW
DuplicateTokenEx
CryptSignHashW
RegOpenKeyA
AbortSystemShutdownW
RegSaveKeyA
LookupAccountNameA
RegCreateKeyW
RegLoadKeyW
CryptSetProviderA

kernel32

GetLastError
EnumSystemLocalesA
GetLocaleInfoA
GetCurrentProcessId
LeaveCriticalSection
HeapCreate
GetStdHandle
SetUnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
RtlUnwind
GetEnvironmentStrings
GetSystemTimeAsFileTime
HeapDestroy
GetStartupInfoW
GetDateFormatA
VirtualQuery
CompareStringA
LocalAlloc
GetACP
GetVersionExA
GetLocaleInfoW
GlobalFree
GetCommandLineW
WideCharToMultiByte
GetModuleFileNameW
SetConsoleCtrlHandler
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
IsValidCodePage
DeleteFileA
MultiByteToWideChar
GetProcAddress
TlsAlloc
LCMapStringW
TlsGetValue
GetStartupInfoA
ExitProcess
Sleep
FreeLibrary
GetStringTypeA
GetProcessHeap
InterlockedIncrement
TlsSetValue
LCMapStringA
GetTickCount
IsDebuggerPresent
GlobalUnfix
GetCommandLineA
FreeEnvironmentStringsA
HeapAlloc
GetStringTypeW
SetHandleCount
FreeEnvironmentStringsW
LoadLibraryA
GetEnvironmentStringsW
LoadLibraryExA
GetOEMCP
InterlockedDecrement
GetCurrentProcess
QueryPerformanceCounter
CompareStringW
GetCPInfo
EnterCriticalSection
SetEnvironmentVariableA
HeapSize
HeapFree
GetTimeZoneInformation
GetCurrentThread
GetUserDefaultLCID
VirtualFree
IsValidLocale
GetTimeFormatA
WriteFile
DeleteCriticalSection
GetModuleHandleW
InterlockedExchange
TlsFree
GetThreadPriority
TerminateProcess
GetFileType
GetModuleFileNameA
GetModuleHandleA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6001f0346f55a1843bfd86a2630dd7b

Headers

File Characteristics

Imports

comdlg32

gdi32

shell32

advapi32

kernel32

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 311KB - Virtual size: 311KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 311KB - Virtual size: 311KB

.rsrc
Size: 13KB - Virtual size: 13KB