42d70e8e073daf2fee10e3da45636610

Sharing

Copy URL

Twitter E-mail

General

Target

42d70e8e073daf2fee10e3da45636610
Size

409KB
MD5

42d70e8e073daf2fee10e3da45636610
SHA1

818eb4262837fdc6923e79dab978d01a3e94522b
SHA256

33e03128399072694d6ea80ed42f3b84bfa2e43cb0f93befc4b0f005a40c2329
SHA512

e021465a97f53d6d818f953997b4430713784726beb29674cad247390e2de2c626f790f3cd1091900ed83231ea348e851ce430bd900e6da5abb93635403c3890
SSDEEP

12288:R31MArIBC2OnSWNEAp4zPm0KDZFUL3Gg:MArI82P8WbSDZQ3G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42d70e8e073daf2fee10e3da45636610

Files

42d70e8e073daf2fee10e3da45636610
.exe windows:4 windows x86 arch:x86

869ac25c03d8ff8e36587e3eb91571fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
OemToCharW
GetMenuBarInfo
EnumDisplaySettingsA
GetMenuItemCount
BroadcastSystemMessageW

gdi32

GetICMProfileA
AbortPath
StretchDIBits
GetDeviceGammaRamp

shell32

SHUpdateRecycleBinIcon
ShellAboutW
SHEmptyRecycleBinW
SheChangeDirA
SHGetFileInfoW
FindExecutableW
SHFileOperationW
ExtractIconExW
ExtractIconExA
SHAddToRecentDocs
FindExecutableA
SHGetDesktopFolder
DragFinish
SHGetPathFromIDList
SHGetDataFromIDListW
CheckEscapesW

comdlg32

PageSetupDlgA
ReplaceTextW
FindTextW
GetFileTitleA
GetOpenFileNameW
PrintDlgW
PrintDlgA
PageSetupDlgW
ChooseColorA

kernel32

GetEnvironmentStringsW
HeapFree
LoadLibraryA
CompareStringA
VirtualFree
GetStringTypeA
GetTimeZoneInformation
GetUserDefaultLCID
HeapCreate
UnmapViewOfFile
GetFileType
HeapAlloc
HeapSize
HeapReAlloc
SetEnvironmentVariableA
GetLastError
WriteFile
GetTickCount
LCMapStringW
IsValidLocale
InterlockedExchange
QueryPerformanceCounter
IsBadWritePtr
EnterCriticalSection
GetCommandLineW
TerminateProcess
TlsSetValue
LeaveCriticalSection
GetSystemInfo
HeapDestroy
SetLastError
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
GetCurrentThreadId
EnumSystemLocalesA
GetOEMCP
VirtualProtect
GetTimeFormatA
GetStartupInfoA
GetCPInfo
UnhandledExceptionFilter
WideCharToMultiByte
GetStdHandle
VirtualAlloc
FreeEnvironmentStringsW
GetStartupInfoW
ExitProcess
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetDateFormatA
IsValidCodePage
GetCurrentProcessId
VirtualQuery
GetVersionExA
GetLocaleInfoW
TlsGetValue
GetStringTypeW
GetCurrentThread
LCMapStringA
InitializeCriticalSection
TlsAlloc
SetHandleCount
TlsFree
CompareStringW
GetCommandLineA
MultiByteToWideChar
GetLocaleInfoA
GetSystemTimeAsFileTime
GetACP
GlobalCompact
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetConsoleCursorInfo

advapi32

CryptGetKeyParam
RegEnumValueW
CryptSetProvParam
LogonUserW
LookupPrivilegeDisplayNameA
RegOpenKeyA
CryptVerifySignatureA
CryptDestroyKey
DuplicateTokenEx
CryptSignHashA

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

869ac25c03d8ff8e36587e3eb91571fc

Headers

File Characteristics

Imports

user32

gdi32

shell32

comdlg32

kernel32

advapi32

Sections

.text Size: 122KB - Virtual size: 121KB

.data Size: 276KB - Virtual size: 307KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 122KB - Virtual size: 121KB

.data
Size: 276KB - Virtual size: 307KB

.rsrc
Size: 10KB - Virtual size: 10KB