21dcc31dd6488705479a4239465cc04f

Sharing

Copy URL Twitter E-mail

General

Target

21dcc31dd6488705479a4239465cc04f
Size

418KB
MD5

21dcc31dd6488705479a4239465cc04f
SHA1

66d216bf5f0edd5ed32507a3c5a99017569d32c3
SHA256

6c09faf62224df27350b7ca424f9cb9cba44127f36e913dfbacdae7a39d5acc5
SHA512

02a89e9bd1618b040f3939ff7597d19899a8faf88d3585a27867aaaead1b7aa3003174ec4e444f9a613cf7d13dc113ec0a77596d7fd72d4f9cb224cabd03f920
SSDEEP

6144:NTlqya3Ky8VLyAc9lBRKmNiVt+XabWBSG9+oO/e5NTb3km2begoI4S7syIByG2tG:mn3r0mS1TEaCBSGooKe5NTbKX4IINyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21dcc31dd6488705479a4239465cc04f

Files

21dcc31dd6488705479a4239465cc04f
.exe windows:4 windows x86 arch:x86

f0e0d571bdc83959ee456fdd00c852cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpGetFileW
InternetGetConnectedStateEx
FtpCommandW
InternetReadFileExW
InternetGetCertByURL
InternetQueryOptionA
InternetGetCertByURLA

user32

DrawTextExA
WindowFromPoint
GetWindowRect
BeginDeferWindowPos
ScrollWindowEx
RegisterClassExW
VkKeyScanExW
ChangeDisplaySettingsExW
GetDCEx
EnumPropsA

kernel32

GetSystemInfo
IsValidLocale
TlsSetValue
LCMapStringW
GetSystemTimeAsFileTime
SetHandleCount
GetEnvironmentStrings
GetCurrentProcessId
IsBadWritePtr
FreeEnvironmentStringsW
VirtualQuery
RtlUnwind
GetProcAddress
LoadLibraryA
GetStringTypeW
GetEnvironmentStringsW
DeleteCriticalSection
VirtualFree
GetACP
LCMapStringA
ReadConsoleW
GetTimeFormatA
CompareStringA
InterlockedExchange
GetUserDefaultLCID
FreeEnvironmentStringsA
GetOEMCP
GetSystemTime
GetCurrentProcess
TlsFree
GetLocaleInfoA
GetCPInfo
GetCommandLineA
InitializeCriticalSection
MultiByteToWideChar
GetTimeZoneInformation
GetStringTypeA
HeapSize
EnumCalendarInfoA
HeapAlloc
SuspendThread
GetLastError
HeapCreate
GetCurrentThreadId
GetFileType
GetLocaleInfoW
GetConsoleOutputCP
GetStartupInfoW
QueryPerformanceCounter
GetModuleHandleA
SetLastError
EnumSystemLocalesA
GetTickCount
AddAtomA
GetModuleFileNameW
HeapDestroy
HeapFree
GetStartupInfoA
GetCurrentThread
SetVolumeLabelW
WriteFile
VirtualProtect
TlsGetValue
GetModuleFileNameA
EnterCriticalSection
FormatMessageA
VirtualAlloc
SetEnvironmentVariableA
HeapReAlloc
GetCommandLineW
GetDateFormatA
TerminateProcess
GetStdHandle
TlsAlloc
LoadResource
UnhandledExceptionFilter
GetDriveTypeW
WideCharToMultiByte
CompareStringW
lstrcmpiA
GetVersionExA
GetLocalTime
ExitProcess
IsValidCodePage
LeaveCriticalSection

shell32

FindExecutableA
SHChangeNotify
SHGetFileInfoA

comdlg32

GetSaveFileNameA
FindTextA

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0e0d571bdc83959ee456fdd00c852cd

Headers

File Characteristics

Imports

wininet

user32

kernel32

shell32

comdlg32

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 7KB - Virtual size: 16KB

.data Size: 277KB - Virtual size: 277KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 7KB - Virtual size: 16KB

.data
Size: 277KB - Virtual size: 277KB

.rsrc
Size: 16KB - Virtual size: 16KB