7c42b255083384744567dc00286cb551

Sharing

Copy URL Twitter E-mail

General

Target

7c42b255083384744567dc00286cb551
Size

91KB
MD5

7c42b255083384744567dc00286cb551
SHA1

60e8e259c6c045ee432ffd26f8a587861cf72abf
SHA256

73f82559e7e3e42db3e7d91388573f2de0dfb09e0801819c389cc2b322080205
SHA512

864074b772bd9665fb7897e9c52a0879d9f66725aeff9e0b972fd5445d76d977c5d233ae9eb8965c77f4915f69e9f694464a17a5689855932226c7f2600b0944
SSDEEP

1536:o6NRLqcqrDla1ENkixDjx1mNbWTgVBRpd2u3soydzvTSOGruN:3Lqcqra/ipjxdTg7Rpd2ufWw2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c42b255083384744567dc00286cb551

Files

7c42b255083384744567dc00286cb551
.exe windows:4 windows x86 arch:x86

4f28883aa4394515a727f1d6b6e8db67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache

npcomm

?getNewEndpoint@NpcPipeEndpoint@@SAPAV1@XZ
?releaseEndpoint@NpcPipeEndpoint@@SAXPAV1@@Z

bdutils

?Trace@CBDDebug@@QAAXPB_WZZ
??0CBDDebug@@QAE@H@Z
??1CBDDebug@@QAE@XZ

mfc80u

ord764
ord265
ord266
ord1182

msvcr80

_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
memset
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
__p__fmode
_crt_debugger_hook
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_mktime64
wcscat_s
wcsrchr
swprintf_s
_initterm
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
__p__commode
_decode_pointer

kernel32

GetCurrentThreadId
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetLastError
Sleep
FileTimeToSystemTime
GetSystemTime
CopyFileW
FindFirstFileW
FindClose
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetLastError
GetVersionExW
GetTickCount

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

UrlGetPartW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f28883aa4394515a727f1d6b6e8db67

Headers

File Characteristics

Imports

wininet

npcomm

bdutils

mfc80u

msvcr80

kernel32

advapi32

shlwapi

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 11KB

.wrdata Size: 68KB - Virtual size: 68KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 11KB

.wrdata
Size: 68KB - Virtual size: 68KB