118c4deb42aa54fc5bd9925436fcce30

Sharing

Copy URL Twitter E-mail

General

Target

118c4deb42aa54fc5bd9925436fcce30
Size

372KB
MD5

118c4deb42aa54fc5bd9925436fcce30
SHA1

8f437e24c38a86f0e8522c60393f880ee0461715
SHA256

f28d9b71b9dbb174e18a5177565279184b1ae66ecb1af43d5e8f711f3e2dd152
SHA512

b3c822176c431b31d5739d5d33d56de76bf965dc07746715353e153dff0ac84cd255e8616dd03ddef97c74e77a84041b302c4b4b39dfacb4c6d1bc3351fa397a
SSDEEP

6144:hDhXvU+DuWQed3ECyqZ9Y6iRw9Jwv7RJkIBi30W57g+K6DvFWAeZ0kt:hJvU+DuWQetEC39UKgi2ikW58+K6zQlC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
118c4deb42aa54fc5bd9925436fcce30

Files

118c4deb42aa54fc5bd9925436fcce30
.exe windows:4 windows x86 arch:x86

ccc3a8dd60fb224e7b3e42b902caf0cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
LoadLibraryW
GetConsoleScreenBufferInfo
WriteProfileSectionA
QueryPerformanceCounter
GetModuleFileNameW
HeapAlloc
LoadLibraryA
GetVersionExW
ExitProcess
GetVolumeInformationA
SetEnvironmentVariableW
FlushFileBuffers
GetSystemTimeAsFileTime
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetModuleHandleA
CreateEventW
GetSystemInfo
RtlUnwind
TerminateProcess
GetModuleFileNameA
HeapReAlloc
OutputDebugStringW
GetCurrentThreadId
VirtualAlloc
WritePrivateProfileStringA
GetProcAddress
SetPriorityClass
GetCurrentProcess
HeapFree
EnumCalendarInfoExA

gdi32

GetOutlineTextMetricsW
StartDocW
SetBitmapBits
SelectClipPath
CreateBrushIndirect
GetRegionData
AnimatePalette
GetBoundsRect
CloseEnhMetaFile
SetMiterLimit
StartDocA
GetKerningPairsW
SetColorAdjustment
FillRgn
PlayMetaFile
SelectPalette
ExcludeClipRect
PathToRegion
RectInRegion
ResizePalette

advapi32

RegConnectRegistryA
CryptExportKey
CryptDuplicateHash
StartServiceA
AbortSystemShutdownA
CryptCreateHash
AbortSystemShutdownW
RegEnumValueW
LookupSecurityDescriptorPartsW
RegDeleteValueA
CryptGetHashParam
StartServiceW
RegSetKeySecurity
CryptGetDefaultProviderA
CryptEnumProvidersW
CryptSetProviderA
CryptEnumProviderTypesW
LookupPrivilegeDisplayNameW
RevertToSelf
CryptGetKeyParam
RegSaveKeyW
LookupAccountSidA

shell32

ShellExecuteExA
ShellExecuteExW
DoEnvironmentSubstA
DragAcceptFiles
SHGetPathFromIDListA
RealShellExecuteW
FindExecutableA
SHLoadInProc
DragFinish
SHGetSpecialFolderPathA
ShellExecuteW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc3a8dd60fb224e7b3e42b902caf0cb

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

Sections

.text Size: 104KB - Virtual size: 104KB

.data Size: 262KB - Virtual size: 262KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 104KB - Virtual size: 104KB

.data
Size: 262KB - Virtual size: 262KB

.rsrc
Size: 4KB - Virtual size: 4KB