Static task
static1
Behavioral task
behavioral1
Sample
1edb7d26114309321970126795120adf.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1edb7d26114309321970126795120adf.exe
Resource
win10v2004-20231215-en
General
Target
1edb7d26114309321970126795120adf
Size
504KB
MD5
1edb7d26114309321970126795120adf
SHA1
6d10202a3a3693b0c14c0759d470b9bb41a8b951
SHA256
04e514261454e6b19ef3d705a4e050c12edaea70291f370939eb142549066055
SHA512
aa1b9d65ae61dbaa501ca6af450180bf47f19f24cbccb1f24a8c6de46ed47f16d53810969fccd089283098e63508ee4f9260168b9a84bad4ed8b44fea675ac86
SSDEEP
12288:/F5YHQmCFZrUTs/Hl6oP9vVseCJb6WJu893ElVsJm/:zO+F+Ts/HoydsnWjVsK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1edb7d26114309321970126795120adf
Files
1edb7d26114309321970126795120adf.exe windows:4 windows x86 arch:x86
8b5a10733dc62339fc41d48b76bd9565
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
DragQueryFileA
DoEnvironmentSubstA
comctl32
InitCommonControlsEx
kernel32
GetProfileIntW
GetTimeFormatA
GetVersionExA
GetModuleFileNameW
OpenMutexA
GetSystemTimeAsFileTime
GetStdHandle
GetProcAddress
GetSystemDefaultLCID
LoadLibraryA
GetCurrentThreadId
GetTimeZoneInformation
TlsSetValue
HeapDestroy
IsValidLocale
VirtualFree
RtlUnwind
GetCurrentProcessId
EnterCriticalSection
GetLastError
GetSystemInfo
GetModuleHandleA
GetCPInfo
IsBadWritePtr
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetStartupInfoW
FoldStringW
GetCurrentThread
HeapFree
GetEnvironmentStrings
lstrlenA
ExitProcess
SetEnvironmentVariableA
HeapReAlloc
TlsFree
GetDateFormatA
EnumSystemLocalesA
SetStdHandle
MultiByteToWideChar
VirtualProtect
GetStringTypeW
GetTickCount
ReadFile
FlushFileBuffers
GetCommandLineW
GetStringTypeA
DeleteCriticalSection
WriteConsoleOutputCharacterA
QueryPerformanceCounter
GetOEMCP
TerminateProcess
CloseHandle
CompareStringW
TlsGetValue
GetCurrentProcess
WideCharToMultiByte
IsValidCodePage
CreateMutexA
InterlockedExchange
UnhandledExceptionFilter
HeapSize
TlsAlloc
GetACP
FreeEnvironmentStringsW
HeapAlloc
CompareStringA
GetStartupInfoA
LeaveCriticalSection
SetFilePointer
GetFileAttributesExW
SetLastError
VirtualQuery
VirtualAlloc
InitializeCriticalSection
GetFileType
GetUserDefaultLCID
LCMapStringW
SetHandleCount
GetModuleFileNameA
GetLocaleInfoW
GetCommandLineA
LCMapStringA
GetLocaleInfoA
WriteFile
user32
ChildWindowFromPointEx
RegisterClassExA
GetKeyState
GetUserObjectInformationW
GetMenuState
LoadMenuIndirectW
GrayStringW
DrawFrame
ModifyMenuA
ShowWindow
CharLowerA
ReleaseCapture
DdeSetUserHandle
WinHelpA
GetClipboardFormatNameW
RegisterClassA
SetTimer
GetTabbedTextExtentW
SetClassLongW
GetKeyboardState
advapi32
CryptCreateHash
CryptVerifySignatureA
CryptSetHashParam
RegSaveKeyA
RegLoadKeyW
LookupPrivilegeValueA
DuplicateToken
RegQueryValueW
CryptDeriveKey
CryptGetProvParam
RevertToSelf
RegEnumKeyExA
CryptDestroyKey
CryptEncrypt
comdlg32
FindTextA
GetFileTitleA
PageSetupDlgA
wininet
FtpGetFileSize
InternetDialW
HttpCheckDavCompliance
HttpSendRequestW
Sections
.text Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ