ff1a9d95386d9ed2762d39e14c8c65e5

Sharing

Copy URL

Twitter E-mail

General

Target

ff1a9d95386d9ed2762d39e14c8c65e5
Size

228KB
MD5

ff1a9d95386d9ed2762d39e14c8c65e5
SHA1

31fafec4e20452160ba79027790c8df2e4386a1c
SHA256

c1bfebcf4ea925721b315e757b4ab944676108a460242603b91bb1775e410861
SHA512

eef4f778133f78dba25594055a3019f8e74ca9e0cc8c6b4c6d4db77b7c448005b1f100667bb4ef62d8a3194ae5e1b34962020335af49fc676c9e7a53c7c64d99
SSDEEP

3072:9Sm5IMCDWI7envA9ZPP7HnZJWuQLIuFoyEixAenudV8Nc9v9Tl7h:9Sm5wWI7+knlbQLIuCQxARWNcDhh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff1a9d95386d9ed2762d39e14c8c65e5

Files

ff1a9d95386d9ed2762d39e14c8c65e5
.exe windows:4 windows x86 arch:x86

4edd50a0dd27eed23803fb339d368dd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetModuleFileNameA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
GetLastError
GetProcessHeap
WideCharToMultiByte
HeapFree
lstrlenA
HeapAlloc
DeleteFileA
HeapReAlloc
InterlockedDecrement
SetFileAttributesA
CopyFileA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
Sleep
CloseHandle
WriteFile
CreateFileA
GetTempPathA
LeaveCriticalSection
WinExec
GetVersion
lstrcmpiA
GetCurrentThreadId
CreateThread
CreateEventA
lstrcpynA
lstrcpyA
lstrcatA
InterlockedIncrement
SetEvent
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
GetCommandLineA
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentProcess
RemoveDirectoryA
GetSystemTimeAsFileTime
RtlUnwind
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
lstrlenW
ExitProcess
LocalFree
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
ReadFile
SetEndOfFile
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
SetFilePointer
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr

user32

PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
CharNextA
CharUpperA
SetTimer
wsprintfA

comdlg32

GetFileTitleA

advapi32

RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoRegisterClassObject
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

shlwapi

PathFileExistsA
PathFindExtensionA

ws2_32

WSASocketA
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4edd50a0dd27eed23803fb339d368dd5

Headers

File Characteristics

Imports

wininet

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 664B