04645eefb1ad7b96315acb36237387bb

General

Target

04645eefb1ad7b96315acb36237387bb
Size

41KB
MD5

04645eefb1ad7b96315acb36237387bb
SHA1

eff7a22113d9dc1ec901e900056daf44aa418c09
SHA256

210559ef8a6996297384b50d3b7a0e170ee3b24e23acd50f5a7d55252c513c6e
SHA512

68552f53f65b12a40b5e8db5d8b4c1b48a61c5b25ed0864c3eeb9bce649ec98ac1dcf11b0cda4e651865db4b70cc8a0d629bfa08c517234aa0739e7485c5f798
SSDEEP

768:ChILW5OyRstOCjdpChIuKiGMeHxIAbN8:ChIy5OyetOCZxuKiWHCAbN8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04645eefb1ad7b96315acb36237387bb

Files

04645eefb1ad7b96315acb36237387bb
.exe .vbs windows:4 windows x86 arch:x86 polyglot

b06a131b2918583f940839b6ad47437b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
DeleteFileA
lstrcmpA
FindNextFileA
FindFirstFileA
lstrcatA
lstrcpyA
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
MoveFileA
GetFileAttributesA
WritePrivateProfileStringA
CopyFileA
GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
GetTempPathA
ExpandEnvironmentStringsA
GetSystemDirectoryA
FreeLibrary
LocalFree
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetVersionExA
GetModuleHandleA
lstrlenA
WriteFile
LockResource
CreateFileA
LoadResource
SizeofResource
FindResourceA
GetModuleFileNameA
CreateDirectoryA
SetFileAttributesA
WinExec
Sleep
CreateThread
CreateMutexA
GetLastError
GetLocalTime
CloseHandle

user32

wsprintfA
GetForegroundWindow
FindWindowExA
PostMessageA
GetCursorPos
WindowFromPoint
GetParent
GetWindowTextA
keybd_event

advapi32

RegCloseKey
RegEnumKeyA
RegCreateKeyA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegSetValueExA
RegSetValueA
RegDeleteKeyA

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
exit
memset
fclose
fwrite
fread
fopen
fputs
sprintf
strcmp
_access
strcat
strcpy
strlen
??2@YAPAXI@Z
strstr
printf
fseek
rand
srand
time
memcpy
fscanf
fprintf
free
calloc
_iob
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

WSAStartup
WSACleanup
gethostbyname
gethostname

Sections

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06a131b2918583f940839b6ad47437b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

wininet

ws2_32

Sections

.data Size: 22KB - Virtual size: 22KB

.rsrc Size: 17KB - Virtual size: 17KB

.data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 17KB - Virtual size: 17KB