1e4463f446e7d4120e54bbb2301812b6

Sharing

Copy URL Twitter E-mail

General

Target

1e4463f446e7d4120e54bbb2301812b6
Size

136KB
MD5

1e4463f446e7d4120e54bbb2301812b6
SHA1

7b06dc71401d4a59037284108aeb96909273bd3e
SHA256

b7d6e5a331f32228eaf0607aede6b4fb27b2bc8aeb638bfc11e595d6680d48a4
SHA512

f590218b8837819bd6b10ee9716a6c32a5166237d2c2c0cc01ffd5435a01b1b56161abb83b5a4f916e1bd31cfb7a717c384ab21217a6a723e305d21d94644491
SSDEEP

3072:UR3BBU5phKfilWy9FjgaNT0qoEEa5DGnCa6nE6MNpYb:URxBUvKfG3Fj8mEa5DGnzGE6t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e4463f446e7d4120e54bbb2301812b6

Files

1e4463f446e7d4120e54bbb2301812b6
.exe windows:4 windows x86 arch:x86

6a109bffcfcbf13955cb325e27cf130c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetTickCount
SetFilePointer
CreateFileA
GetFileSize
CloseHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
DeleteFileA
MoveFileA
WaitForSingleObject
CreateProcessA
CreateThread
SuspendThread
ResumeThread
WinExec
GetModuleFileNameA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
TlsGetValue
SetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc

user32

FillRect
DialogBoxParamA
MessageBoxA
GetDlgItemTextA
SetWindowTextA
SetDlgItemTextA
GetWindowTextA
EnableWindow
BeginPaint
GetClientRect
GetDlgItem
EndPaint
LoadIconA
SendMessageA

gdi32

SelectObject
SetBkMode
CreateSolidBrush

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

wininet

HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle
InternetSetFilePointer
InternetOpenUrlA

shlwapi

PathFileExistsA

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a109bffcfcbf13955cb325e27cf130c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

shlwapi

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 52KB - Virtual size: 50KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 52KB - Virtual size: 50KB