09872f47d39b9f7bedc4d2c390de137a

Sharing

Copy URL Twitter E-mail

General

Target

09872f47d39b9f7bedc4d2c390de137a
Size

534KB
MD5

09872f47d39b9f7bedc4d2c390de137a
SHA1

f1175d1ee4c4f907784171030678db9d12796e35
SHA256

b516e996262e905bb636643685af88e5d5d7608c1326c14875d4be36d4457b72
SHA512

88c284414ab549ae0b0834dd09404f747ec6773eae5026bcce02c403cc3e7da4f2685164860e3c45e7bcb9682d0976384af3e7205d913cd002b6046b257e607e
SSDEEP

12288:lZSfiJSPdGFve0738EissjyjOVgi7QM0WtYL0NXLEB:lZ7SP4xe0738EijyjOai7dFtY1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09872f47d39b9f7bedc4d2c390de137a

Files

09872f47d39b9f7bedc4d2c390de137a
.exe windows:4 windows x86 arch:x86

41ba9de50e0751d59d69334b3026ede1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shell32

ExtractIconW
ShellAboutA
SHGetDataFromIDListW
RealShellExecuteW
SHFreeNameMappings

kernel32

GetLocaleInfoW
FreeEnvironmentStringsW
GlobalFix
RtlUnwind
WriteConsoleW
GetCommandLineA
GetModuleHandleA
GetProcAddress
ReadFile
GetTimeZoneInformation
InterlockedIncrement
GetUserDefaultLCID
QueryPerformanceCounter
GlobalUnlock
LeaveCriticalSection
FlushFileBuffers
GetProcessHeap
SetHandleCount
GetTimeFormatA
GetStringTypeA
HeapCreate
TerminateProcess
HeapSize
GetCurrentProcessId
IsValidCodePage
VirtualQuery
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
GetVersionExA
VirtualFree
Sleep
GetConsoleMode
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCPInfo
GetDateFormatA
MultiByteToWideChar
IsDebuggerPresent
InitializeCriticalSection
GetConsoleCP
SetEnvironmentVariableA
WriteConsoleA
FreeLibrary
CompareStringW
IsValidLocale
GetModuleFileNameA
HeapFree
HeapReAlloc
GetCurrentProcess
GetACP
VirtualUnlock
VirtualAlloc
DeleteCriticalSection
GetTickCount
HeapAlloc
GetStringTypeW
InterlockedDecrement
InterlockedExchange
WriteFile
LoadLibraryA
TlsAlloc
SetStdHandle
GetConsoleOutputCP
OpenMutexA
GetFileType
HeapDestroy
EnumSystemLocalesA
FreeEnvironmentStringsA
TlsGetValue
SetFilePointer
GetLastError
SetLastError
CompareStringA
TlsFree
CreateFileA
TlsSetValue
VirtualProtect
GetStartupInfoA
CreateMutexA
ExitProcess
EnterCriticalSection
SetConsoleCtrlHandler
GetEnvironmentStrings
GetOEMCP
GetLocaleInfoA
GetCurrentThread
GetEnvironmentStringsW
WideCharToMultiByte
CloseHandle

gdi32

Pie
GetEnhMetaFileBits
CreatePolyPolygonRgn
EnumFontsA
GetSystemPaletteUse
ExtSelectClipRgn
GetEnhMetaFilePaletteEntries
CreatePatternBrush
GetMetaFileW
GetMetaRgn
ArcTo
PolyTextOutW
GetMetaFileA
GetObjectW
DeleteColorSpace
Chord
GetTextExtentPoint32W
GetDeviceCaps

user32

DlgDirListComboBoxW
SetShellWindow
ReuseDDElParam
SendNotifyMessageW
RegisterClassExA
IsCharAlphaNumericA
RegisterClassA

wininet

FtpGetFileW
InternetCheckConnectionW
ShowClientAuthCerts
InternetSetDialStateW
GopherCreateLocatorW
InternetCrackUrlW
InternetCanonicalizeUrlW
RunOnceUrlCache

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41ba9de50e0751d59d69334b3026ede1

Headers

File Characteristics

Imports

comctl32

shell32

kernel32

gdi32

user32

wininet

Sections

.text Size: 202KB - Virtual size: 201KB

.rdata Size: 10KB - Virtual size: 41KB

.data Size: 316KB - Virtual size: 316KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 202KB - Virtual size: 201KB

.rdata
Size: 10KB - Virtual size: 41KB

.data
Size: 316KB - Virtual size: 316KB

.rsrc
Size: 5KB - Virtual size: 4KB