370fab0321b526e22b441ffbf63bb489

Sharing

Copy URL

Twitter E-mail

General

Target

370fab0321b526e22b441ffbf63bb489
Size

513KB
MD5

370fab0321b526e22b441ffbf63bb489
SHA1

65b52dffcaabe4c0a3385f177fb0f78656ee00f9
SHA256

cdb8306b9a69a6dbedaeab21bbf9882003d4d1a638e21ef34a70b2613490ba64
SHA512

9e54a3f5ec503e3a0f255babf2d8e7cf1f7edd5f2da9c0bdc91d7fe91f9e4882a676a4cf90c6013b33acf7c9c546292a155422e48cffae5673c9d35ee5383e40
SSDEEP

12288:rMnsciLYJpbbM6Axdnb/jJer1CIc7LWtWdyNwa1:rMdqA5bM6O7AroIptWdyea

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
370fab0321b526e22b441ffbf63bb489

Files

370fab0321b526e22b441ffbf63bb489
.exe windows:4 windows x86 arch:x86

247a7598e73d241c5de03493b71364ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

LoadAlterBitmap
PrintDlgW
PrintDlgA
FindTextW

kernel32

CompareStringA
ReadConsoleW
GetModuleFileNameA
GetUserDefaultLCID
GetACP
GlobalDeleteAtom
LeaveCriticalSection
TlsSetValue
GetTimeZoneInformation
SetStdHandle
HeapValidate
GetNamedPipeHandleStateA
WideCharToMultiByte
VirtualFree
EnumResourceNamesA
GetFileType
GetLogicalDrives
SetEnvironmentVariableA
CreateMutexA
LoadLibraryA
TerminateProcess
GetProcAddress
GetCommandLineA
WriteFile
HeapCreate
HeapFree
SetLastError
GetStringTypeW
lstrcpyA
GetVersionExA
ReadConsoleOutputW
DebugActiveProcess
TlsFree
InterlockedExchange
TlsAlloc
GetConsoleOutputCP
IsBadWritePtr
InitializeCriticalSection
EnumSystemLocalesA
GetCPInfo
FreeEnvironmentStringsW
GetCurrentProcess
VirtualAlloc
IsValidLocale
GetOEMCP
QueryPerformanceCounter
OpenMutexA
FormatMessageA
HeapSize
DeleteCriticalSection
SetThreadLocale
ExitProcess
CloseHandle
IsValidCodePage
FindFirstFileExA
SetHandleCount
OpenWaitableTimerA
CompareFileTime
GetSystemDefaultLCID
GetLocaleInfoW
GetCurrentProcessId
GetProcessHeap
UnhandledExceptionFilter
RtlUnwind
GetEnvironmentStrings
GetDateFormatA
LCMapStringW
GetLocaleInfoA
GlobalAddAtomW
SetLocaleInfoW
GetSystemDefaultLangID
HeapAlloc
WaitForSingleObject
FlushFileBuffers
GetSystemTimeAsFileTime
HeapReAlloc
GetCurrentThread
TransactNamedPipe
VirtualQuery
HeapDestroy
VirtualProtect
GetTickCount
SetFilePointer
EnterCriticalSection
GetTimeFormatA
GetLastError
ReadFile
GetStartupInfoA
CompareStringW
LCMapStringA
GetStdHandle
SetVolumeLabelA
GetSystemInfo
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetModuleHandleA
GetStringTypeA
MultiByteToWideChar
TlsGetValue
GetCurrentThreadId

comctl32

InitCommonControlsEx

user32

RegisterClassExA
DdeCreateStringHandleA
RegisterClassA

advapi32

RegSetKeySecurity
LookupPrivilegeNameA
RegQueryValueExA
InitiateSystemShutdownW
RegEnumKeyExA
RegQueryMultipleValuesA
CryptSignHashA
LogonUserW
LookupPrivilegeValueA
CryptGenRandom
LookupAccountNameA
DuplicateToken
CreateServiceA

shell32

SHFileOperationA
CommandLineToArgvW

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

247a7598e73d241c5de03493b71364ed

Headers

File Characteristics

Imports

comdlg32

kernel32

comctl32

user32

advapi32

shell32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 8KB - Virtual size: 24KB

.data Size: 313KB - Virtual size: 312KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 8KB - Virtual size: 24KB

.data
Size: 313KB - Virtual size: 312KB

.rsrc
Size: 7KB - Virtual size: 6KB