271a1f743aaa8a48272c6d5f0e7b2e32

Sharing

Copy URL

Twitter E-mail

General

Target

271a1f743aaa8a48272c6d5f0e7b2e32
Size

239KB
MD5

271a1f743aaa8a48272c6d5f0e7b2e32
SHA1

30f20316e39e6ee992dc5ddf761e27476bdbdb4c
SHA256

e542c5cc3b17c57c7968e13eb37eb51855234c00d7e5ddd8687378707142ecb0
SHA512

1aaf83d0f6619b2516d78ab8a2582dc472f38b272983313ff6136e305fab35ef6096aaf3b5193f30293ba356838a9ae9313a95d7bd1cfb73459d0ef756a306bc
SSDEEP

6144:+7GnKvNb4jINyRqg4iy4ywjhTCGnbA50:YGn8UIQRqXifyGh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
271a1f743aaa8a48272c6d5f0e7b2e32

Files

271a1f743aaa8a48272c6d5f0e7b2e32
.exe windows:4 windows x86 arch:x86

40870abddf3f820a90ca8f5f2a6ae7f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
OpenMutexW
GetStringTypeW
VirtualProtectEx
RtlUnwind
GetEnvironmentStrings
CreateDirectoryExW
GetCurrentProcess
GetCPInfo
VirtualAlloc
GetUserDefaultLCID
GetStdHandle
HeapReAlloc
FreeEnvironmentStringsA
lstrcatW
EnumSystemLocalesA
LocalCompact
TlsGetValue
GetModuleFileNameA
GetLogicalDrives
WideCharToMultiByte
TlsFree
CompareStringW
GetCurrentThread
Sleep
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetCommandLineA
GetStringTypeExA
GetModuleFileNameW
QueryPerformanceCounter
LCMapStringA
InitializeCriticalSection
TlsSetValue
HeapDestroy
IsValidCodePage
GlobalAddAtomW
HeapAlloc
FreeLibrary
HeapFree
FreeLibraryAndExitThread
SetHandleCount
GetCurrentProcessId
InterlockedCompareExchange
GetEnvironmentStringsW
SetLastError
InterlockedIncrement
GetLocaleInfoW
EnumCalendarInfoExW
DeleteCriticalSection
GetFileType
RtlFillMemory
MultiByteToWideChar
InterlockedDecrement
FillConsoleOutputCharacterA
FoldStringA
SetEnvironmentVariableA
SetConsoleCtrlHandler
LeaveCriticalSection
GetProfileIntW
SetLocalTime
HeapCreate
TlsAlloc
LocalShrink
GetFileAttributesExW
GetLocaleInfoA
GetProcAddress
EnterCriticalSection
FreeEnvironmentStringsW
TerminateThread
GetStringTypeA
InterlockedExchange
UnhandledExceptionFilter
LCMapStringW
GetACP
VirtualQuery
IsValidLocale
IsDebuggerPresent
GetVolumeInformationW
GetTimeFormatA
GetCurrentThreadId
GetProcessHeap
HeapSize
TerminateProcess
CompareStringA
GetStartupInfoW
SetUnhandledExceptionFilter
VirtualFree
GetVersionExA
GetCommandLineW
GetLastError
GetCompressedFileSizeA
ExitProcess
GetTimeZoneInformation
WriteFile
GetOEMCP
GetModuleHandleA
GetDateFormatA
GetStartupInfoA

wininet

FtpCreateDirectoryW
InternetInitializeAutoProxyDll
SetUrlCacheEntryGroupW
HttpQueryInfoW
InternetCombineUrlW
InternetGetCertByURL
IsUrlCacheEntryExpiredW
InternetSetOptionExW
InternetGetConnectedStateEx
HttpAddRequestHeadersW
InternetAutodialHangup
InternetConnectA
InternetGetConnectedStateExW
DeleteIE3Cache
DeleteUrlCacheGroup
FtpPutFileA
HttpEndRequestA
FindNextUrlCacheEntryA
FtpCreateDirectoryA
UnlockUrlCacheEntryFileW
InternetTimeFromSystemTime
InternetDial

shell32

CommandLineToArgvW
ShellAboutW
ExtractAssociatedIconExW
SHGetPathFromIDList
SHFormatDrive
SheGetDirA
SHFreeNameMappings

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40870abddf3f820a90ca8f5f2a6ae7f9

Headers

File Characteristics

Imports

kernel32

wininet

shell32

Sections

.text Size: 99KB - Virtual size: 99KB

.data Size: 137KB - Virtual size: 161KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 99KB - Virtual size: 99KB

.data
Size: 137KB - Virtual size: 161KB

.rsrc
Size: 1KB - Virtual size: 1KB