397f484b14286c4e870d90995b0a768d

Sharing

Copy URL Twitter E-mail

General

Target

397f484b14286c4e870d90995b0a768d
Size

367KB
MD5

397f484b14286c4e870d90995b0a768d
SHA1

0af8a8965e113240b941798d8209dee5ed39cb1e
SHA256

aeff22450a24addf9a1acdfb76a91cd9d16f4f6d31d37a90bc7f18285a8b3161
SHA512

4d0c04447a6c84cfe7fb3484499cce9232f60819812a6102f0bd152ceb918c041bf231ba2dfc565a06f6aba4fc4ef180f2f0098013c2d74ccf573a2d50e0953d
SSDEEP

6144:Ja5ijk4q3ieGUXpRN3AnJgH1HkCMPp0fhZiZDl3dJM7XE3ImWWSgRDXzBjSDK80p:JyiA5RVAnJci90fu/IvST1StDCVIXBI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397f484b14286c4e870d90995b0a768d

Files

397f484b14286c4e870d90995b0a768d
.exe windows:4 windows x86 arch:x86

9d4415926d37ca70977a36675fa09aa9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ReplaceTextA
PageSetupDlgW

kernel32

lstrcmpi
GetDriveTypeA
GetDateFormatA
LocalCompact
GetTimeFormatA
GetEnvironmentStrings
GetCPInfo
TlsFree
GetStringTypeA
TlsSetValue
LocalFlags
VirtualAlloc
WriteFile
CreateMutexA
GetCurrentThreadId
VirtualQuery
MoveFileA
ReadFile
GetCurrentThread
ExitProcess
InitializeCriticalSection
LCMapStringA
EnterCriticalSection
IsValidCodePage
GetSystemTimeAsFileTime
GetLocaleInfoA
GetTimeZoneInformation
FreeEnvironmentStringsA
InterlockedExchange
HeapSize
RtlUnwind
GetUserDefaultLCID
SetFilePointer
QueryPerformanceCounter
CloseHandle
SetLastError
CompareStringA
DeleteCriticalSection
GetFileType
EnumSystemLocalesA
GetVersionExA
UnhandledExceptionFilter
FreeResource
GetModuleHandleA
GetShortPathNameW
GetLocaleInfoW
GetModuleHandleW
LCMapStringW
GetTempFileNameA
GetOEMCP
HeapReAlloc
GetModuleFileNameA
GetEnvironmentStringsW
LeaveCriticalSection
VirtualProtect
VirtualFree
GetCommandLineA
SetEnvironmentVariableA
GetPrivateProfileStringA
GetStringTypeW
GetSystemInfo
TlsGetValue
MapViewOfFile
GetTickCount
GetProcAddress
IsValidLocale
OpenMutexA
GetACP
GetDiskFreeSpaceExW
TerminateProcess
MultiByteToWideChar
GetLastError
RemoveDirectoryA
GetStartupInfoA
TlsAlloc
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
SetHandleCount
CompareStringW
FlushFileBuffers
SetLocaleInfoW
GetCurrentProcessId
IsBadWritePtr
HeapAlloc
HeapDestroy
OpenWaitableTimerA
HeapFree
HeapCreate
SetStdHandle
GetCurrentProcess
LoadLibraryA

advapi32

RegOpenKeyExW
RegDeleteKeyW

wininet

FtpOpenFileA
RegisterUrlCacheNotification
ShowClientAuthCerts
InternetGetConnectedState
InternetGoOnline
InternetShowSecurityInfoByURL

comctl32

InitCommonControlsEx

user32

GetThreadDesktop
LoadCursorW
RegisterClassA
CharNextA
CharToOemBuffW
GetParent
RegisterClassExA
ValidateRect
ChangeMenuA
IsCharAlphaA
SendMessageTimeoutA
MapWindowPoints
MenuItemFromPoint
RegisterClipboardFormatA
CopyIcon
GetSubMenu
GetClassLongW
GetClassNameA
OpenWindowStationW
GetMessageW
SetFocus

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d4415926d37ca70977a36675fa09aa9

Headers

File Characteristics

Imports

comdlg32

kernel32

advapi32

wininet

comctl32

user32

Sections

.text Size: 193KB - Virtual size: 193KB

.rdata Size: 8KB - Virtual size: 12KB

.data Size: 148KB - Virtual size: 148KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 8KB - Virtual size: 12KB

.data
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 16KB - Virtual size: 15KB