4367f2dc0cc58d486ca592739847d405

Sharing

Copy URL

Twitter E-mail

General

Target

4367f2dc0cc58d486ca592739847d405
Size

166KB
MD5

4367f2dc0cc58d486ca592739847d405
SHA1

d5f9432dce89f5d6f22141eb20e81d1d406b8f46
SHA256

7b99747bda018988fb74bdb089ab51611f276efd3c33c00b92e7c7feeadd2b2c
SHA512

3bf669695458588d2533efba80e4884a036a5d74bd8b25a63a1fd8e6898e2a3b821d30cb9c7eb66826cd5a34c6b0819383dc7ddb946ed1101b966824a7a7c3ab
SSDEEP

3072:m2oo9ZKqAaDnBtGdrnhCzRM+uz7faYIfb0A6n7eal8wXw6IRxr:z1KqxFtEgM+gfadbynjywyxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4367f2dc0cc58d486ca592739847d405

Files

4367f2dc0cc58d486ca592739847d405
.exe windows:4 windows x86 arch:x86

187429e543a981714e7dc18289f37298

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
SetHandleInformation
HeapReAlloc
DisableThreadLibraryCalls
GetCommandLineA
lstrlenA
LoadResource
VirtualAlloc
IsDBCSLeadByte
SizeofResource
TlsFree
GetModuleHandleA
MulDiv
VirtualFree
InterlockedExchange
GetCurrentThreadId
GetThreadLocale
HeapCreate
GetEnvironmentStringsW
LeaveCriticalSection
lstrcmpiA
CloseHandle
HeapSize
GetCPInfo
GetFileType
UnhandledExceptionFilter
TransmitCommChar
VirtualQuery
IsBadWritePtr
FreeLibrary
SetStdHandle
HeapDestroy
FindResourceA
GetSystemTimeAsFileTime
GetStartupInfoA
lstrcpyA
GetSystemInfo
SetHandleCount
lstrcpynA
InitializeCriticalSection
FlushInstructionCache
ExitProcess
lstrcatA
LoadLibraryA
VirtualProtect
DeleteCriticalSection
EnumResourceNamesW
EnterCriticalSection
LoadLibraryExA
QueryPerformanceCounter
InterlockedDecrement
SetUnhandledExceptionFilter
GetOEMCP
RtlUnwind
GetProcessHeap
LCMapStringW
RaiseException
GetACP
FreeEnvironmentStringsA
InterlockedIncrement
WideCharToMultiByte
SetLastError
TlsAlloc
GetStringTypeA
GetVersionExA
ExitProcess
SetFilePointer
LockResource
GetEnvironmentStrings
IsBadReadPtr
GetModuleFileNameA
GetProcAddress
TlsGetValue
IsBadCodePtr
GetTickCount
HeapAlloc
TlsSetValue
TerminateProcess
LCMapStringA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsW
GetLocaleInfoA
WriteFile
lstrlenW
MultiByteToWideChar
FlushFileBuffers
GetCurrentProcess
GetLastError
HeapFree

gdi32

DeleteObject
GetDeviceCaps
GetTextExtentPointA
GetTextMetricsA
SelectObject
CreateFontIndirectA

user32

GetDC
IsDialogMessageA
IsDlgButtonChecked
UnregisterClassA
CreateDialogParamA
GetDlgItem
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDialogBaseUnits
ReleaseDC
IsWindow
DestroyWindow
SetWindowLongA
MoveWindow
WinHelpA
EnableWindow
CheckDlgButton
ShowWindow
CharNextA

shlwapi

PathFindExtensionA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA

msimg32

AlphaBlend
TransparentBlt

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

187429e543a981714e7dc18289f37298

Headers

File Characteristics

Imports

kernel32

gdi32

user32

shlwapi

advapi32

msimg32

ole32

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 38KB - Virtual size: 37KB

.crt Size: 512B - Virtual size: 60KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 38KB - Virtual size: 37KB

.crt
Size: 512B - Virtual size: 60KB