28801508a7953ebb4f603a60b3ef5efd

Sharing

Copy URL Twitter E-mail

General

Target

28801508a7953ebb4f603a60b3ef5efd
Size

477KB
MD5

28801508a7953ebb4f603a60b3ef5efd
SHA1

761f148c360dfe93204d881f03fdb89b1a20b990
SHA256

ff80d6ab4b70f4f8212fe85530d75444cd952510e31edd66b1237fc36bb2dfe6
SHA512

94b2f9b59ac42e1dde00f97f70666e158821ddb10ffa5acaf26d89efd89ac93358dbb1b1278881f907d76255526283d321fb42cee9969bb6fed9901c29e276a3
SSDEEP

12288:YDesuxOULSxrHk75VD9983i2AYFYO83um:YKsFxrHc9983wYFK+m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28801508a7953ebb4f603a60b3ef5efd

Files

28801508a7953ebb4f603a60b3ef5efd
.exe windows:4 windows x86 arch:x86

c13cd9ccec3b87b25ab6dfd24c46c9b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

LoadAlterBitmap
ReplaceTextA

comctl32

InitCommonControlsEx

user32

SendMessageTimeoutW
TranslateAccelerator
RegisterDeviceNotificationA
wvsprintfW
GetMessageExtraInfo
GetWindowInfo
DdeDisconnectList
ScrollDC
FlashWindowEx
MsgWaitForMultipleObjectsEx
RegisterClassExA
SetParent
GetKeyboardLayoutNameA
WinHelpA
GetMessageW
GetDialogBaseUnits
DdeInitializeW
GetPropA
RegisterClassA

advapi32

CryptCreateHash
GetUserNameA

kernel32

GetEnvironmentStrings
SetStdHandle
ExitProcess
GetLocaleInfoA
TlsSetValue
CloseHandle
GetACP
IsValidCodePage
GetStringTypeW
GetStringTypeA
CreateMutexA
HeapSize
TerminateProcess
ReadFile
GetSystemInfo
UnhandledExceptionFilter
LoadLibraryA
SetHandleCount
InitializeCriticalSection
VirtualProtect
FreeEnvironmentStringsW
WriteFile
GetTimeZoneInformation
GetTimeFormatA
VirtualQuery
GetStdHandle
SetEnvironmentVariableA
GetCurrentProcessId
EnumDateFormatsExA
GetVersionExA
GetCommandLineW
WriteConsoleOutputAttribute
SetFilePointer
ReadConsoleOutputA
HeapDestroy
InterlockedDecrement
GetLocaleInfoW
VirtualAlloc
GetStartupInfoA
GetTickCount
SetLastError
HeapAlloc
HeapReAlloc
DeleteCriticalSection
EnumDateFormatsA
CreateSemaphoreA
FreeEnvironmentStringsA
WriteConsoleOutputCharacterW
GetSystemTimeAsFileTime
HeapCreate
LCMapStringW
GetUserDefaultLCID
TlsFree
GetCPInfo
HeapFree
LeaveCriticalSection
CompareStringW
GetCommandLineA
MultiByteToWideChar
GetCurrentDirectoryA
FreeLibraryAndExitThread
GetCurrentProcess
GetModuleFileNameA
WideCharToMultiByte
CompareStringA
EnumSystemLocalesA
lstrcmpW
OpenMutexA
LCMapStringA
GetDateFormatA
InterlockedExchange
QueryPerformanceCounter
GetLongPathNameW
GetOEMCP
EnterCriticalSection
WriteConsoleInputA
GetLastError
RtlUnwind
GetEnvironmentStringsW
VirtualFree
IsBadWritePtr
SetComputerNameA
GetModuleHandleA
GetModuleFileNameW
IsValidLocale
GetStartupInfoW
GetProcAddress
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentThread
GetFileType
FlushFileBuffers

shell32

RealShellExecuteA
RealShellExecuteExA

wininet

InternetAutodial
InternetGoOnline
InternetQueryDataAvailable
SetUrlCacheConfigInfoA
CreateUrlCacheContainerA
InternetCheckConnectionW

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c13cd9ccec3b87b25ab6dfd24c46c9b2

Headers

File Characteristics

Imports

comdlg32

comctl32

user32

advapi32

kernel32

shell32

wininet

Sections

.text Size: 338KB - Virtual size: 338KB

.rdata Size: 22KB - Virtual size: 29KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 338KB - Virtual size: 338KB

.rdata
Size: 22KB - Virtual size: 29KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 12KB - Virtual size: 12KB