474cc1c03970bb678c25e7c6eb7a3f90

Sharing

Copy URL Twitter E-mail

General

Target

474cc1c03970bb678c25e7c6eb7a3f90
Size

437KB
MD5

474cc1c03970bb678c25e7c6eb7a3f90
SHA1

0267850d81862ad388f3b724728f5e9bda151864
SHA256

46428302e5878e8337e6ba7471fa9125dd90d8e18f0bc9dbefea62bc55b52c7b
SHA512

2954c71ec05255e7e64f38f8caed2b466cefde47565e7b1dec5144add0b2519a6ee8d7cd095594df0fde7a3e7b6f724b2468ff986220f000b5a0a8f414c72e79
SSDEEP

12288:QOmNtO0k89fGEwunYCyB0K8yUS2uakBtdsEQM/RrEw:QOGO0k89fGK1bkuEQM/R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
474cc1c03970bb678c25e7c6eb7a3f90

Files

474cc1c03970bb678c25e7c6eb7a3f90
.exe windows:4 windows x86 arch:x86

8f97a245ca36e723d59b09c6273ff478

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCurrentThread
SetUnhandledExceptionFilter
GetACP
RtlUnwind
InterlockedIncrement
FreeLibrary
GetCurrentProcess
HeapCreate
VirtualAlloc
TlsFree
SetHandleCount
HeapReAlloc
GetTimeFormatA
SetEndOfFile
GetStringTypeW
GetLastError
TlsAlloc
GetModuleFileNameA
GetLocaleInfoW
InterlockedDecrement
ExitProcess
GetStartupInfoA
InitializeCriticalSection
IsValidLocale
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
HeapDestroy
GetFileType
LeaveCriticalSection
QueryPerformanceCounter
SetConsoleMode
VirtualFree
EnumSystemLocalesA
UnhandledExceptionFilter
GetCurrentThreadId
GetEnvironmentStringsW
HeapAlloc
GetUserDefaultLCID
HeapFree
GetFullPathNameA
TlsGetValue
GetCurrentProcessId
FreeEnvironmentStringsW
IsDebuggerPresent
HeapSize
WriteFile
LCMapStringW
GetEnvironmentStrings
GetStdHandle
IsValidCodePage
GetLocaleInfoA
SetEnvironmentVariableA
WideCharToMultiByte
CompareStringW
GetCPInfo
GetModuleHandleA
CompareStringA
GetProcessHeap
FreeEnvironmentStringsA
SetTimeZoneInformation
TlsSetValue
EnterCriticalSection
DeleteCriticalSection
GetDateFormatA
LCMapStringA
GetProcAddress
GetStringTypeA
GetTimeZoneInformation
GetCommandLineA
SetLastError
InterlockedExchange
MultiByteToWideChar
TerminateProcess
GetVersionExA
VirtualQuery
SetConsoleCtrlHandler
Sleep

user32

MsgWaitForMultipleObjectsEx
SetRect
GetMenu
GetWindow
GetClassLongW
SetMenuItemInfoA
GetKeyboardLayout
DdeDisconnectList
IsMenu

advapi32

CryptDuplicateHash
RegOpenKeyExA
RegEnumKeyW
CryptReleaseContext
LookupPrivilegeNameW
RegQueryValueW
LogonUserA
CryptAcquireContextW
RegDeleteKeyA
RegSetKeySecurity
RegSetValueW
CryptDeriveKey
CryptGetProvParam
DuplicateToken

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f97a245ca36e723d59b09c6273ff478

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 153KB - Virtual size: 152KB

.data Size: 276KB - Virtual size: 301KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 153KB - Virtual size: 152KB

.data
Size: 276KB - Virtual size: 301KB

.rsrc
Size: 7KB - Virtual size: 7KB