476c6668530f3c50a4b6c103fc0d4d8b

Sharing

Copy URL Twitter E-mail

General

Target

476c6668530f3c50a4b6c103fc0d4d8b
Size

183KB
MD5

476c6668530f3c50a4b6c103fc0d4d8b
SHA1

f3291aa7bbf8e9fa861d40aa46557b373bf8aade
SHA256

55ab2c192e777efe72d13dac7dd7f1a07941fb127fce19e0b307586242267877
SHA512

f35b7e18f4ace2014d637e2313edbb6edeee815a8abfa53b90c596648eb25fd29a81ee08673fef5701a03df867721ba9d9d5e80c0789be7c4cf7fa181a8c9d20
SSDEEP

3072:PnRaWrsIw8PuclwGUK403wdAZZzNf8SlcyeR6/dE:PRAIFHqY4030AZZzNf82cyV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476c6668530f3c50a4b6c103fc0d4d8b

Files

476c6668530f3c50a4b6c103fc0d4d8b
.exe windows:4 windows x86 arch:x86

c39f00a052103fd2df7ca1679b485d0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
CreateEventA
GetModuleFileNameW
GetCommandLineA
MultiByteToWideChar
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrlenW
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceA
GlobalAlloc
GlobalUnlock
GlobalLock
DeleteCriticalSection
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetFileAttributesA
GetFileAttributesW
GetVersionExA
FindClose
FindNextFileW
FindFirstFileW
FindNextFileA
FindFirstFileA
lstrcpynA
MulDiv
WriteFile
SleepEx
CreateFileA
GetModuleHandleA
ResetEvent
GetCurrentThreadId
OutputDebugStringA
DebugBreak
lstrlenA
RemoveDirectoryA
InterlockedIncrement
WaitForMultipleObjects
GetTempPathA
CreateProcessA
GetTempFileNameA
WaitForSingleObject
CloseHandle
Sleep
DeleteFileA
SetEvent
InterlockedDecrement
ExpandEnvironmentStringsA
CreateDirectoryA
WideCharToMultiByte
GetStartupInfoA

user32

SetFocus
GetSysColor
CharUpperA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetFocus
GetWindow
GetWindowLongA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateDialogIndirectParamA
IsChild
SetWindowPos
GetWindowRect
SetWindowLongA
PostThreadMessageA
GetDesktopWindow
GetDlgItem
IsWindowVisible
SendMessageA
CharNextA
wvsprintfA
LoadStringA
PostMessageA
LoadImageA
GetSystemMetrics
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyWindow
GetClientRect
MessageBoxA
CharLowerA
ShowWindow
EnableWindow
CreateWindowExA
wsprintfA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
IsWindow
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetDC
ReleaseDC
IsDialogMessageA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SelectObject
DPtoLP
CreateFontIndirectA
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
GetObjectA
CreateSolidBrush
SetBkColor

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHAppBarMessage
SHGetFolderPathW
SHGetFolderPathA
ord680

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
LoadRegTypeLi
SysStringLen
DispCallFunc
OleCreateFontIndirect

comctl32

InitCommonControlsEx

msvcp60

?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z

wininet

InternetReadFile
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetCloseHandle

iphlpapi

GetAdaptersInfo

msvcrt

sscanf
fwrite
strstr
ftell
realloc
strcpy
calloc
_wfopen
fseek
strlen
free
_purecall
strtok
_mbscmp
atoi
_ismbcdigit
_mbsstr
_mbsrchr
wcslen
memmove
memcpy
_beginthreadex
fopen
fread
fclose
memcmp
memset
strcat
strncpy
??2@YAPAXI@Z
__CxxFrameHandler
wcscmp
wcscat
wcscpy
strcmp
abs
_mbschr
_ismbcspace
strtoul
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
exit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c39f00a052103fd2df7ca1679b485d0d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcp60

wininet

iphlpapi

msvcrt

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 18KB - Virtual size: 19KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 18KB - Virtual size: 19KB

.rsrc
Size: 8KB - Virtual size: 8KB