249dda5c8cf946f77ed5c380217fa656

Sharing

Copy URL Twitter E-mail

General

Target

249dda5c8cf946f77ed5c380217fa656
Size

59KB
MD5

249dda5c8cf946f77ed5c380217fa656
SHA1

7167d82495b013924488f18745946ebb31506669
SHA256

a8a644739d525134c37eff70a605f043fa38877879391afc3d80c7502569b2ba
SHA512

18331be6921c57aa14355b16809cd2819ec04b04703c39c56e6244fac8fb8cc53e1cc1cdf2715f3080f50e90bd190ce571bd3b9b038428ae8e1497a4614f9c9d
SSDEEP

1536:Uc2CO4tZgIrP3YiB1LlBNgoMOjJsGwIIwIMUna939D:B2/4tZgIb3Y41ZTgajJvPFrD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
249dda5c8cf946f77ed5c380217fa656

Files

249dda5c8cf946f77ed5c380217fa656
.exe windows:4 windows x86 arch:x86

146d6b0d6c5fa313a0873416ee1f4151

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteOrphanKeyA
PathAddBackslashA
StrPBrkA
AssocCreate
SHEnumKeyExA
AssocQueryStringA
UrlHashA
SHRegEnumUSValueA
StrFormatKBSizeA
PathIsRelativeA
PathSearchAndQualifyA
PathMakePrettyA
PathMatchSpecA
PathRemoveFileSpecA
UrlGetLocationA
UrlCombineA
HashData
PathFindOnPathA
SHSkipJunction
SHRegDeleteEmptyUSKeyA
PathIsSameRootA
PathQuoteSpacesA
StrCSpnA
SHAutoComplete
UrlCreateFromPathA
PathIsUNCA
PathIsNetworkPathA
StrToIntExA
SHQueryInfoKeyA
StrCmpNIA
SHCreateShellPalette
SHRegDuplicateHKey
PathCanonicalizeA
StrCatBuffA
ColorHLSToRGB
StrIsIntlEqualA
PathRemoveArgsA
StrSpnA
PathSkipRootA
UrlIsOpaqueA
PathAppendA
StrRetToBufA
SHRegCloseUSKey

kernel32

WriteFile
_lread
GetTickCount
WriteFileEx
GetSystemPowerStatus
CompareStringA
OpenProfileUserMapping
ReadConsoleOutputA
LocalReAlloc
FileTimeToDosDateTime
WritePrivateProfileSectionA
GetDriveTypeA
Process32First
WaitForSingleObjectEx
GetWriteWatch
lstrlen
GetDateFormatA
SetThreadLocale
LocalLock
EnumResourceNamesA
GetFileAttributesA
IsSystemResumeAutomatic
TlsAlloc
WritePrivateProfileStringA
SetCommMask
CreateRemoteThread
FlushFileBuffers
GlobalUnWire
GetProcessHeaps
FreeLibraryAndExitThread
GetCommTimeouts
DuplicateHandle
TransmitCommChar
RequestDeviceWakeup
CallNamedPipeA
FindCloseChangeNotification
CreateFiber
InterlockedIncrement
GetPrivateProfileStructA
lstrcmp
HeapLock
LockResource
GetThreadPriority
WriteTapemark
IsDBCSLeadByteEx
SetConsoleTitleA
GetDefaultCommConfigA

user32

CheckDlgButton

Sections

.vad
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dmr
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bcvyb
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xepkl
Size: 27KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

146d6b0d6c5fa313a0873416ee1f4151

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

Sections

.vad Size: 22KB - Virtual size: 45KB

.dmr Size: 5KB - Virtual size: 10KB

.bcvyb Size: 1024B - Virtual size: 1KB

.xepkl Size: 27KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.vad
Size: 22KB - Virtual size: 45KB

.dmr
Size: 5KB - Virtual size: 10KB

.bcvyb
Size: 1024B - Virtual size: 1KB

.xepkl
Size: 27KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB