Static task: static1
Behavioral task: behavioral1 - Sample: 157d00df8f27b6b74634fd97f57a07b0.exe - Resource: win7-20231215-en
Behavioral task: behavioral2 - Sample: 157d00df8f27b6b74634fd97f57a07b0.exe - Resource: win10v2004-20231215-en
General
Target: 157d00df8f27b6b74634fd97f57a07b0
Size: 409KB
MD5: 157d00df8f27b6b74634fd97f57a07b0
SHA1: 888e92f5c8d67123f981e89d3eae607f2310e60f
SHA256: 9851a8555d47ab884169e6bf4507ca8607cacb6828b9eb8466c09b62833178f0
SHA512: c55cb7a239ee4cbe10918d93226a3c7be92710951ea3cfa898b5bc636d5c0aba941ca0f9e04df887b6cdc9ece47568759dbb9738f15ba34ce141b643d1d599a6
SSDEEP: 12288:SNTPrdma+5nZ9nM2ys+tmrYBkvM7qYHJPiw6CAY5cRb:EFBkvnoD65Y5cV
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 157d00df8f27b6b74634fd97f57a07b0
Files
157d00df8f27b6b74634fd97f57a07b0.exe (windows:4 windows x86 arch:x86)
  df4f14e3ebdcb395c35d482d5991e4ea
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: GetCommandLineA, GetVersionExA, GetAtomNameA, GetThreadLocale, GetStringTypeA, EnterCriticalSection, HeapAlloc, LoadLibraryA,
  WideCharToMultiByte, SetLastError, GlobalFlags, EnumDateFormatsA, DeleteCriticalSection, GetDateFormatA, VirtualFree, VirtualProtect,
  GetCommandLineW, GetTimeFormatA, GetTimeZoneInformation, CompareStringA, TlsSetValue, GetLastError, GetUserDefaultLCID, GetLocaleInfoA,
  CompareFileTime, HeapSize, GetStartupInfoW, GetSystemInfo, GetProcAddress, FreeEnvironmentStringsA, GetStringTypeW, HeapFree,
  FlushInstructionCache, GetFileType, GlobalHandle, InitializeCriticalSection, VirtualQuery, SetHandleCount, IsBadWritePtr, TlsFree,
  GetCurrentThread, IsValidCodePage, WriteFile, GetStdHandle, HeapReAlloc, SetEnvironmentVariableA, ExitProcess, EnumSystemLocalesA,
  CompareStringW, VirtualAlloc, TerminateProcess, QueryPerformanceCounter, GetCurrentProcess, LCMapStringW, GetModuleHandleA, GetOEMCP,
  IsValidLocale, LCMapStringA, GetCurrentThreadId, TlsGetValue, HeapCreate, GetEnvironmentStringsW, GetStartupInfoA, GetCurrentProcessId,
  GetModuleFileNameA, LeaveCriticalSection, GetEnvironmentStrings, ExpandEnvironmentStringsW, GetTickCount, HeapDestroy, GetCPInfo,
  GetModuleFileNameW, UnhandledExceptionFilter, TlsAlloc, RtlUnwind, GetLocaleInfoW, GetSystemTimeAsFileTime, InterlockedExchange,
  MultiByteToWideChar, GetACP, FreeEnvironmentStringsW
comdlg32: GetSaveFileNameW, GetOpenFileNameW, ChooseFontW, GetSaveFileNameA, ReplaceTextW, LoadAlterBitmap, ChooseColorW, ChooseColorA,
  ReplaceTextA, FindTextW, PageSetupDlgA, GetFileTitleW
advapi32: RegDeleteKeyA, LookupSecurityDescriptorPartsA, RegSetValueW, RegSetKeySecurity, RegSetValueA, InitiateSystemShutdownW,
  RegConnectRegistryW, LookupPrivilegeValueW, CryptGetUserKey, RegQueryValueW
wininet: InternetOpenUrlW, InternetGetConnectedState, GopherOpenFileW, InternetReadFileExA, HttpSendRequestW, GetUrlCacheGroupAttributeW,
  InternetSetFilePointer, InternetCombineUrlA, FtpFindFirstFileA, DeleteUrlCacheGroup, GetUrlCacheEntryInfoExA, InternetWriteFileExW,
  SetUrlCacheGroupAttributeW, InternetSecurityProtocolToStringA, FtpSetCurrentDirectoryW, GopherFindFirstFileW, CreateUrlCacheGroup,
  InternetDial, FindNextUrlCacheGroup, FtpGetCurrentDirectoryW, InternetFindNextFileA, InternetCanonicalizeUrlA, HttpAddRequestHeadersW,
  HttpSendRequestExA
Sections
.text - Size: 122KB - Virtual size: 122KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data - Size: 277KB - Virtual size: 307KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 9KB - Virtual size: 8KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ