fef5d588c458463c44f4d9da5df9e65c

Sharing

Copy URL Twitter E-mail

General

Target

fef5d588c458463c44f4d9da5df9e65c
Size

310KB
MD5

fef5d588c458463c44f4d9da5df9e65c
SHA1

147fa4494a13dbb176a8bcfd52858303d9baee70
SHA256

9d739638c1a46897775cd8b5f13fc84c55a874ce5b1df8012eba20c3ab0b97b9
SHA512

8f368443f68926e6ef24a74b08a224cfdd6231399c3475e994a497dfec0360f1ee2986cfd3c71acb92556e7e1020d7fdf04f58542598000ca309e0af1f55dfad
SSDEEP

6144:0UlIstqaCivm672rDLdoVZ416x7AeC0hHLCN/b0u9i4:0UlI6tvtixQyQk0hrCN/Iu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fef5d588c458463c44f4d9da5df9e65c

Files

fef5d588c458463c44f4d9da5df9e65c
.exe windows:4 windows x86 arch:x86

c6d82e9d9ac62ded068b08a303ca7bb0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeNameW
StartServiceW
CryptEnumProviderTypesA
RegEnumValueW
RegFlushKey
CryptDestroyKey
RegEnumKeyExW
RegDeleteKeyA
RegQueryValueA
RegRestoreKeyW
RegReplaceKeyA
RegCreateKeyW
LookupSecurityDescriptorPartsA
CryptEnumProvidersA
RegQueryInfoKeyW
CryptSetKeyParam
RegOpenKeyA
CryptEnumProvidersW
CryptImportKey
RegEnumKeyW

user32

EnumClipboardFormats
SendInput
EnumPropsExW
GetMenuItemInfoW
SetPropA
CreateWindowExW
DdePostAdvise
InvertRect
GetScrollRange
GetDlgItemTextA
DestroyAcceleratorTable
MonitorFromWindow
PostQuitMessage

gdi32

DeviceCapabilitiesExA
DeleteObject
GetStockObject
ScaleViewportExtEx
GdiGetBatchLimit
GetCharWidthFloatW
StretchBlt
GetDeviceGammaRamp
GetColorSpace
GetTextMetricsA

wininet

GetUrlCacheConfigInfoW
FindFirstUrlCacheContainerW
InternetOpenA
GopherCreateLocatorA
InternetFindNextFileW
DeleteUrlCacheEntry
FindFirstUrlCacheGroup
InternetCanonicalizeUrlA
InternetOpenW
GetUrlCacheEntryInfoW

kernel32

GetEnvironmentStrings
GetFileAttributesExA
SetHandleCount
VirtualAlloc
GetStringTypeW
InterlockedExchange
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryExA
DeleteCriticalSection
GetStartupInfoA
GetProcAddress
SetEnvironmentVariableA
VirtualFree
EnumTimeFormatsA
UnhandledExceptionFilter
GetACP
HeapDestroy
TlsGetValue
GetProcessHeap
GetTimeFormatA
HeapAlloc
TlsFree
GetPrivateProfileSectionW
GetOEMCP
InterlockedDecrement
TlsSetValue
WriteFile
WideCharToMultiByte
GetVersionExA
GetPrivateProfileSectionNamesW
ReadConsoleInputW
IsDebuggerPresent
HeapReAlloc
GetLocaleInfoW
GetLastError
GetTimeZoneInformation
FreeEnvironmentStringsW
GetCurrentProcessId
IsValidCodePage
InitializeCriticalSection
GetDateFormatA
TlsAlloc
GetSystemTimeAsFileTime
GetCurrentThread
HeapCreate
HeapFree
GetTickCount
GetCommandLineA
FreeLibrary
CompareStringW
GetEnvironmentStringsW
GetStringTypeA
ExitProcess
EnumSystemLocalesA
HeapSize
SetLastError
CompareStringA
MultiByteToWideChar
QueryPerformanceCounter
LeaveCriticalSection
InterlockedIncrement
GetProcessAffinityMask
GetCPInfo
IsValidLocale
LoadLibraryA
Sleep
GetModuleHandleA
ReadConsoleA
RtlUnwind
TerminateProcess
GetStdHandle
VirtualQuery
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentProcess
LCMapStringW
SetConsoleCtrlHandler
GetFileType
EnterCriticalSection
LCMapStringA
FreeEnvironmentStringsA

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6d82e9d9ac62ded068b08a303ca7bb0

Headers

File Characteristics

Imports

advapi32

user32

gdi32

wininet

kernel32

Sections

.text Size: 161KB - Virtual size: 160KB

.data Size: 140KB - Virtual size: 139KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 161KB - Virtual size: 160KB

.data
Size: 140KB - Virtual size: 139KB

.rsrc
Size: 8KB - Virtual size: 8KB