Static task: static1
Behavioral task: behavioral1
Sample: 4768d665ed314329aea1bfbc34600e72.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4768d665ed314329aea1bfbc34600e72.exe
Resource: win10v2004-20231222-en
General
Target: 4768d665ed314329aea1bfbc34600e72
Size: 34KB
MD5: 4768d665ed314329aea1bfbc34600e72
SHA1: a3b51e26971a2b85f2863943d1eb666b5f8b14d1
SHA256: db83ea5ca29e268fa226480bdae1e4c2bb942be422089fff54eb30ea67229f30
SHA512: 496abd340be4d2be8862e836064b4e852f4d3b13b3c47c09311f26be9249848537497a55978b91c3da6142f53e020cce24fccb263196898746b0a3d8faaf4953
SSDEEP: 768:V6350ROJWIOyQ/sy66MM+afJ1p9jedJcWLcCuip373OQ:w50Gosy9MOJljedJcWL7uip
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 4768d665ed314329aea1bfbc34600e72
Files
4768d665ed314329aea1bfbc34600e72.exe windows:4 windows x86 arch:x86
72934eaabb4f0618a856513dd8d0551b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlInitUnicodeString
RtlCompareUnicodeString
netapi32
DsGetDcNameW
NetServerGetInfo
NetUserModalsGet
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
NetApiBufferFree
ole32
CoTaskMemAlloc
ReleaseStgMedium
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
GetHGlobalFromStream
StringFromCLSID
CoInitialize
kernel32
InterlockedIncrement
UnhandledExceptionFilter
GetModuleHandleW
Sleep
GlobalLock
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
CompareStringW
GetModuleFileNameW
GlobalFree
LoadLibraryA
InterlockedDecrement
GlobalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
CompareFileTime
GetComputerNameW
GlobalUnlock
MultiByteToWideChar
lstrcpynW
IsBadWritePtr
LocalAlloc
lstrlenW
GetCurrentProcessId
GetVersion
GetCurrentThreadId
TerminateProcess
GetSystemTimeAsFileTime
FormatMessageW
CloseHandle
DeleteCriticalSection
GetFileAttributesW
FreeConsole
GetWindowsDirectoryW
VirtualAlloc
SetLastError
GetTickCount
GetModuleHandleA
WideCharToMultiByte
OutputDebugStringA
IsBadStringPtrW
GetSystemWindowsDirectoryW
lstrcmpiW
QueryPerformanceCounter
LocalFree
crypt32
CryptFindOIDInfo
CryptEncodeObject
CryptDecodeObject
CryptFormatObject
CryptEnumOIDInfo
msvcrt
_adjust_fdiv
wcscmp
strncmp
_except_handler3
strstr
_initterm
free
wcsstr
mbstowcs
__dllonexit
wcsncpy
_wcsicmp
wcscpy
_wcsnicmp
wcslen
_stricmp
malloc
__RTDynamicCast
wcschr
_ultow
_purecall
_onexit
_CxxThrowException
strspn
atoi
iswspace
__CxxFrameHandler
shell32
ShellExecuteW
user32
EnableWindow
GetDlgCtrlID
OpenClipboard
LoadStringW
LoadMenuW
LoadIconW
SetClipboardData
WinHelpW
EmptyClipboard
MessageBoxW
UnhookWindowsHookEx
PostMessageW
SetWindowLongW
GetWindowLongW
InsertMenuItemW
SendMessageW
RegisterClipboardFormatW
GetDlgItem
GetParent
ChildWindowFromPointEx
SetWindowsHookExW
CallNextHookEx
GetSubMenu
CloseClipboard
ScreenToClient
LoadBitmapW
certcli
CAGetCertTypeExtensions
CAGetCertTypeExpiration
CACertTypeSetSecurity
CAInstallDefaultCertType
CAGetCertTypeKeySpec
CAOIDAdd
CAFindCertTypeByName
CAOIDCreateNew
CAGetCertTypePropertyEx
CAFreeCertTypeExtensions
CAGetCertTypeProperty
CASetCertTypeKeySpec
CASetCertTypePropertyEx
CAIsCertTypeCurrent
CACloseCertType
CAOIDFreeProperty
CAOIDDelete
CASetCertTypeFlagsEx
CASetCertTypeExpiration
CACloneCertType
CACertTypeGetSecurity
CAOIDGetProperty
CAFreeCertTypeProperty
CAGetCertTypeFlagsEx
CAUpdateCertType
CASetCertTypeExtension
CAOIDSetProperty
CADeleteCertType
usp10
ScriptGetFontProperties
Sections
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ