42976beefe5cd0105927d4aade290e7c

Sharing

Copy URL Twitter E-mail

General

Target

42976beefe5cd0105927d4aade290e7c
Size

397KB
MD5

42976beefe5cd0105927d4aade290e7c
SHA1

36d84ea6a3188d275d5efeddd129583b35005700
SHA256

7145b894c0a67f8619071ffa247578b177d1d5eeb73934718e96394f1289cabd
SHA512

390c150077c60b2d901787a53f2ba4c7f8cf10d34aa2c3c257f0cb5ca5204eaa07fcac826c413996ff5381f45d5fa2eedc8e993fbae9a8ea276621d3e90462de
SSDEEP

12288:W58qI5XhErwzvMtkma5oCins91jvhmOI8wMw+N5ZLH:W5u7ErSMtkma5H59pp7eM9N/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42976beefe5cd0105927d4aade290e7c

Files

42976beefe5cd0105927d4aade290e7c
.exe windows:4 windows x86 arch:x86

958b5b80de33d2d1d755ed59c0273e86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountNameW
RegQueryMultipleValuesW
RegCreateKeyExW
RegSaveKeyW
RegQueryMultipleValuesA
CryptSignHashW
CryptSetProviderExA
RegLoadKeyA
RegQueryInfoKeyA
LookupAccountSidA
RegSetValueExW

gdi32

CreateFontIndirectW
SetPixelFormat
EnumFontFamiliesExW
GetFontLanguageInfo
AbortDoc
SetLayout
GetTextExtentPointA
CreateRoundRectRgn
RemoveFontResourceA
GetEnhMetaFileDescriptionW
GetViewportExtEx
EnumObjects
CreateFontW

shell32

ExtractIconExW
SHGetFileInfoW
SheChangeDirExW
ExtractIconEx
ShellHookProc
ExtractAssociatedIconA
ExtractIconExA

wininet

InternetGetConnectedState
GetUrlCacheConfigInfoA
InternetSetFilePointer
InternetAutodialHangup
InternetShowSecurityInfoByURLA

kernel32

GetPrivateProfileStringW
LeaveCriticalSection
LoadLibraryA
GetStdHandle
IsValidCodePage
GetCPInfo
GetDateFormatA
GetEnvironmentStrings
GetFileType
TlsAlloc
ReleaseSemaphore
HeapAlloc
GetLocaleInfoA
HeapReAlloc
GetTimeZoneInformation
VirtualProtect
LCMapStringW
GetTickCount
GetStringTypeW
TlsSetValue
InterlockedExchange
QueryPerformanceCounter
GetModuleFileNameW
lstrcmpi
ResumeThread
TerminateProcess
TlsFree
GetSystemInfo
SetLastError
GetLastError
GetVersionExA
GetProcAddress
EnterCriticalSection
VirtualFree
GetCurrentThreadId
GetConsoleCursorInfo
WideCharToMultiByte
IsValidLocale
GetCurrentThread
FreeEnvironmentStringsA
GlobalUnlock
IsBadWritePtr
LCMapStringA
GetACP
VirtualAlloc
GetFileAttributesA
SetHandleCount
ExitProcess
RtlUnwind
GetModuleFileNameA
ReadConsoleInputA
CreateDirectoryExA
SetEnvironmentVariableA
GetCurrentProcessId
VirtualQuery
MultiByteToWideChar
DeleteCriticalSection
HeapSize
GetCommandLineA
OpenMutexW
GetStartupInfoW
GetLocaleInfoW
HeapCreate
GetUserDefaultLCID
HeapDestroy
EnumCalendarInfoA
SetConsoleCursorInfo
GetTimeFormatA
CompareStringA
GetSystemTimeAsFileTime
EnumTimeFormatsW
GetStringTypeA
WriteConsoleOutputW
GetCurrentProcess
GetPrivateProfileStructA
FindResourceA
TlsGetValue
GetEnvironmentStringsW
GetOEMCP
FreeEnvironmentStringsW
UnhandledExceptionFilter
CompareStringW
InitializeCriticalSection
HeapFree
GetStartupInfoA
GetCommandLineW
GetModuleHandleA
WriteFile
EnumSystemLocalesA
UnlockFileEx

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

958b5b80de33d2d1d755ed59c0273e86

Headers

File Characteristics

Imports

advapi32

gdi32

shell32

wininet

kernel32

Sections

.text Size: 119KB - Virtual size: 118KB

.data Size: 275KB - Virtual size: 307KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 119KB - Virtual size: 118KB

.data
Size: 275KB - Virtual size: 307KB

.rsrc
Size: 2KB - Virtual size: 1KB