Static task: static1
Behavioral task: behavioral1
  Sample: 4a01b2c783a4181685f715c55f9ba927.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4a01b2c783a4181685f715c55f9ba927.exe
  Resource: win10v2004-20231222-en
General
- Target: 4a01b2c783a4181685f715c55f9ba927
- Size: 244KB
- MD5: 4a01b2c783a4181685f715c55f9ba927
- SHA1: 66af34054ed212593113e5e2690f75e75df0bedb
- SHA256: 58170d8a69232aa9b97341f877a4d4c9368ecc09c289a1610d9531ebf420d9e0
- SHA512: 48227ea0d4f2b3b29f5780efd5668edd4a7f59447464dc7c281bb8b77d7f54de7fc6bfa093bb656a3bab409e3e42985dd8082afd78952ed19b5c0c43e9375eef
- SSDEEP: 3072:pw7QdpuaJyDAwIc1ohLy8wsETytLOTMj/Q6wNpucQvsA8WxVvxKiZpGgJMMWCimy:pOVaJzwnrFwOT0o60pssz2vX6gX+H
Malware Config
Signatures
- Unsigned PE (1 IoC): the file carries no Authenticode signature.
  resource 4a01b2c783a4181685f715c55f9ba927
  On its own this is a weak indicator: a great deal of legitimate software, particularly older MFC-built tools like this one appears to be, ships unsigned. What it does mean is that the publisher cannot be established from the file itself, so it has to be weighed together with the imports and the behavioural runs rather than treated as a verdict.
Files
- 4a01b2c783a4181685f715c55f9ba927.exe (windows:4, windows, x86, arch:x86)
  d2ac2124058f91c3e9dc29dc8cc8474e
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
  Note: neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT is set, and the relocation table is stripped, so the image always loads at its preferred base with no ASLR and does not opt in to DEP; that is consistent with the mfc42/msvcrt linkage in the import table rather than a deliberate hardening choice, but it also means any memory-corruption bug in it is reachable with a fixed address layout.
Imports
Groupings worth noting in the static import table (a hint to capability, not proof of behaviour; GetProcAddress and GetModuleHandleA are imported too, so further APIs can be resolved at run time): connectivity and adapter enumeration (wininet InternetGetConnectedState, iphlpapi GetAdaptersInfo); host fingerprinting (GetComputerNameA, GetUserNameA, GetVolumeInformationA, GetVersionExA, UuidCreateSequential); process launch (CreateProcessA, ShellExecuteA, ShellExecuteExA); registry and INI writes (RegCreateKeyExA, RegSetValueExA, WritePrivateProfileStringA); synthetic input and window control (SendInput, RegisterHotKey, MapVirtualKeyA, SetForegroundWindow, EnumWindows, PostMessageA); clipboard access; serial-port I/O (SetCommState, BuildCommDCBA, EscapeCommFunction, GetCommModemStatus); printing through winspool.drv; COM instantiation (CoCreateInstance, CLSIDFromProgID); ODBC and MFC 4.2 linked by ordinal only, which name-based import matching cannot see through.
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreateSequential
mfc42
ord6283
ord2614
ord536
ord2582
ord4402
ord3370
ord3640
ord3610
ord3721
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord656
ord693
ord795
ord641
ord1146
ord326
ord4234
ord2642
ord6215
ord4204
ord6199
ord3996
ord2078
ord6442
ord2116
ord4710
ord2645
ord3873
ord3874
ord353
ord2820
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord817
ord565
ord3957
ord2726
ord4226
ord6880
ord3698
ord765
ord1105
ord2108
ord1138
ord2463
ord690
ord1988
ord5354
ord5355
ord5356
ord5207
ord389
ord1651
ord940
ord1199
ord1205
ord858
ord614
ord290
ord6662
ord4129
ord818
ord3072
ord6874
ord4220
ord2584
ord3654
ord715
ord415
ord2438
ord755
ord470
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord1768
ord5785
ord5802
ord1644
ord1081
ord3097
ord3092
ord3089
ord2841
ord5953
ord3797
ord6930
ord3803
ord2107
ord5450
ord5440
ord6383
ord6394
ord692
ord616
ord404
ord922
ord859
ord6282
ord2764
ord1158
ord4278
ord4277
ord924
ord2763
ord355
ord926
ord6779
ord5856
ord6929
ord5683
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord815
ord561
ord2454
ord2621
ord1247
ord1134
ord1151
ord1193
ord2725
ord1248
ord5651
ord3126
ord350
ord1832
ord1871
ord6453
ord2170
ord4224
ord535
ord4160
ord3579
ord4622
ord3811
ord3337
ord551
ord2864
ord2379
ord2859
ord4299
ord4275
ord2414
ord3626
ord3663
ord567
ord1641
ord609
ord3574
ord4424
ord5261
ord4441
ord5290
ord5241
ord4396
ord4078
ord3619
ord3402
ord2575
ord6374
ord4413
ord2393
ord4436
ord5252
ord4242
ord825
ord366
ord1168
ord674
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4837
ord3798
ord1665
ord2649
ord5282
ord4353
ord5163
ord2385
ord5237
ord4407
ord1776
ord4077
ord6055
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord1842
ord823
ord537
ord2818
ord941
ord939
ord540
ord860
ord800
ord4202
ord5710
ord1106
ord2915
ord5572
ord4203
ord6877
ord1576
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
strncpy
free
_strdup
strrchr
strtoul
floor
ceil
_CIpow
strtol
strstr
clearerr
fgets
_fsopen
_CxxThrowException
atof
isdigit
strncmp
_getpid
sprintf
_ftol
isspace
_mbscmp
atoi
_purecall
strchr
atol
fopen
fread
ftell
fseek
fwrite
fflush
fclose
__CxxFrameHandler
wcslen
_strnicmp
_stricmp
_setmbcp
_controlfp
kernel32
Beep
SizeofResource
FindClose
lstrcmpiA
CreateProcessA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetTempPathA
Sleep
GetCurrentProcess
DuplicateHandle
TerminateThread
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateMutexA
ReleaseMutex
GetTickCount
GetExitCodeThread
ResetEvent
ResumeThread
WaitForSingleObject
GetLastError
FormatMessageA
lstrcpynA
LocalFree
WriteFile
FlushFileBuffers
InterlockedDecrement
lstrlenA
FindResourceA
LoadResource
LockResource
CopyFileA
DeleteFileA
GetComputerNameA
SystemTimeToFileTime
SetFileTime
CreateDirectoryA
GetModuleHandleA
MoveFileA
SetEvent
lstrcpyA
lstrcatA
CreateFileA
DeviceIoControl
CloseHandle
FindNextFileA
GetSystemTime
RemoveDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
lstrcmpA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
ReadFile
GetLongPathNameA
GetModuleFileNameA
GetVersionExA
GetProcAddress
SetFileAttributesA
GetTempFileNameA
GetFileTime
EnumResourceNamesA
GetVolumeInformationA
GetDefaultCommConfigA
SetCommState
EscapeCommFunction
GetCommModemStatus
PurgeComm
SetupComm
SetCommTimeouts
GetCommTimeouts
BuildCommDCBA
GetStartupInfoA
GetFileAttributesExA
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
CreateEventA
FindFirstFileA
user32
IsClipboardFormatAvailable
OpenClipboard
DrawIcon
GetSystemMetrics
SetTimer
SetActiveWindow
SetWindowLongA
SetMenu
CreateMenu
AppendMenuA
KillTimer
EnableMenuItem
UpdateWindow
CheckMenuItem
GetMenuState
GetAncestor
SetWindowTextA
GetGUIThreadInfo
IsChild
IsIconic
SetClipboardData
EmptyClipboard
RegisterWindowMessageA
RegisterClassA
CloseClipboard
UnregisterClassA
GetWindowThreadProcessId
SetFocus
PostMessageA
PostQuitMessage
UnregisterHotKey
MapVirtualKeyA
SendInput
RegisterHotKey
LoadImageA
DestroyMenu
SendMessageTimeoutA
GetWindowTextA
EnumWindows
GetDlgItem
GetWindowRect
LoadIconA
SendMessageA
GetWindowLongA
GetDlgCtrlID
BeginPaint
CreatePopupMenu
InsertMenuItemA
GetClipboardData
GetClientRect
FindWindowA
WaitForInputIdle
IsWindowVisible
ShowWindow
SystemParametersInfoA
GetLastActivePopup
EndPaint
TrackMouseEvent
DefWindowProcA
EnableWindow
GetParent
ScreenToClient
SetCursor
GetDC
TrackPopupMenu
MessageBoxA
EnumChildWindows
IsWindow
GetDesktopWindow
IsZoomed
ReleaseDC
LoadCursorA
GetCursorPos
GetClassNameA
SetForegroundWindow
gdi32
TextOutA
SelectObject
GetTextExtentPoint32A
GetObjectA
CreateFontA
SetTextColor
SetMapMode
winspool.drv
OpenPrinterA
StartDocPrinterA
ClosePrinter
EnumPrintersA
ord201
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
advapi32
RegCloseKey
RegCreateKeyExA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
shell32
SHBrowseForFolderA
SHGetFolderPathA
Shell_NotifyIconA
SHGetFolderLocation
SHGetMalloc
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteA
ole32
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
olepro32
ord251
oleaut32
SysFreeString
SysAllocString
VariantClear
GetErrorInfo
odbc32
ord27
ord43
ord61
ord10
ord8
ord23
ord20
ord18
ord11
ord72
ord16
ord26
ord31
ord7
ord41
ord75
ord24
ord9
ord13
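The import table above is the raw material for an import hash and for a first capability pass. The following Python is an added example, not part of the report or of any tool it used: it computes a pefile-style imphash from a (library, symbol) list, tags capability hints from API names, and lists libraries imported purely by ordinal (here mfc42 and odbc32, which need the DLL's export table to resolve). SAMPLE_IMPORTS is a constructed subset of the symbols listed above, so its hash is not expected to match any value in the report; the real pefile implementation additionally maps known ws2_32/oleaut32 ordinals to names, which this example skips.

```python
import hashlib

# pefile strips these extensions from the library name before hashing.
STRIP_EXT = (".dll", ".ocx", ".sys")

# Constructed subset of the report's import table: (library, symbol), with
# symbol either a name or an int ordinal.  Library names carry ".dll" as
# they would in a real import directory.  Not the sample's full table.
SAMPLE_IMPORTS = [
    ("WININET.dll", "InternetGetConnectedState"),
    ("iphlpapi.dll", "GetAdaptersInfo"),
    ("RPCRT4.dll", "UuidCreateSequential"),
    ("MFC42.DLL", 6283),
    ("MFC42.DLL", 2614),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "SetCommState"),
    ("USER32.dll", "SendInput"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("ODBC32.dll", 27),
]


def normalize_imports(imports):
    """Canonical 'lib.symbol' list the imphash is taken over: lower-case,
    library extension stripped, ordinals rendered as 'ordN'.  Order is kept,
    so two binaries importing the same APIs in a different order hash apart."""
    parts = []
    for lib, sym in imports:
        lib = lib.lower()
        for ext in STRIP_EXT:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalized, comma-joined import list (pefile's scheme)."""
    return hashlib.md5(normalize_imports(imports).encode()).hexdigest()


# Name-based capability hints (keys are lower-case API names); a hit is a
# lead for the behavioural run, not evidence the code path is ever taken.
CAPABILITY_HINTS = {
    "network": {"internetgetconnectedstate", "getadaptersinfo", "internetopena"},
    "process_launch": {"createprocessa", "shellexecutea", "shellexecuteexa"},
    "registry_write": {"regsetvalueexa", "regcreatekeyexa"},
    "input_injection": {"sendinput", "registerhotkey", "mapvirtualkeya"},
    "serial_port": {"setcommstate", "buildcommdcba", "escapecommfunction"},
    "dynamic_resolution": {"getprocaddress", "loadlibrarya"},
}


def capabilities(imports):
    names = {sym.lower() for _, sym in imports if isinstance(sym, str)}
    return sorted(cap for cap, hints in CAPABILITY_HINTS.items() if names & hints)


def ordinal_only_libraries(imports):
    """Libraries imported purely by ordinal; their APIs stay invisible to
    name matching until resolved against that DLL's export table."""
    by_lib = {}
    for lib, sym in imports:
        by_lib.setdefault(lib.lower(), []).append(isinstance(sym, int))
    return sorted(lib for lib, flags in by_lib.items() if all(flags))


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("capabilities:", capabilities(SAMPLE_IMPORTS))
    print("ordinal-only:", ordinal_only_libraries(SAMPLE_IMPORTS))
```

Because the hash covers the import order, an imphash pivots well across builds of the same source linked the same way and poorly across anything recompiled with a different linker order; the ordinal-only list is the reminder that mfc42 and odbc32 symbols here contribute only `ordN` tokens.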
Sections
- .text: raw size 188KB, virtual size 187KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata: raw size 33KB, virtual size 32KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data: raw size 14KB, virtual size 17KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc: raw size 7KB, virtual size 7KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: this is the plain four-section layout of an unpacked MSVC build. No section is both writable and executable, and raw sizes track virtual sizes, which argues against a packer; .data's virtual size exceeding its raw size is just the zero-filled uninitialized tail.
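The Headers, Signatures and Sections entries above are all read straight out of the PE headers. As an added example that is not part of the report, the following standard-library Python builds a minimal PE32 image with the same characteristics and section layout as reported, parses it back, and derives the same triage findings (unsigned, no ASLR, no NX opt-in, writable-and-executable sections). build_pe, parse_pe, triage_notes and REPORT_LIKE are names chosen here; the WIN_CERTIFICATE attached in the signed variant is a presence check only, not a signature validation.

```python
import struct

FILE_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4  # data directory index of the Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_pe(file_chars, dll_chars, sections, sign=False):
    """Constructed PE32 image (hypothetical, not the sample): DOS header, PE
    signature, file header, 224-byte optional header, section table and, if
    sign=True, a WIN_CERTIFICATE whose body is filler rather than PKCS#7."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<H", opt, 40, 4)              # MajorOperatingSystemVersion ("windows:4")
    struct.pack_into("<HH", opt, 68, 2, dll_chars)  # Subsystem=WINDOWS_GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000 * (i + 1),
                                 rsize, 0x400 * (i + 1), 0, 0, 0, 0, flags)
                     for i, (name, vsize, rsize, flags) in enumerate(sections))
    cert = b""
    if sign:
        body = b"\x30\x82" + b"\0" * 30             # stand-in for the SignedData blob
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 88 + 224 + len(table), len(cert))
    fhdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    return bytes(dos) + b"PE\0\0" + fhdr + bytes(opt) + table + cert


def parse_pe(data):
    """Triage-relevant header facts from a PE32 image (PE32+ is rejected)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled; PE32+ lays the optional header out differently")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off, cert_len = (struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
                          if ndirs > SECURITY_DIR else (0, 0))
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rsize, "flags": flag_names(flags, SECTION_FLAGS)})
    # The security directory holds a FILE OFFSET, not an RVA.  A non-empty entry
    # with a PKCS#7 WIN_CERTIFICATE only means a signature is attached; whether
    # it is valid is a WinVerifyTrust / signtool question.
    has_cert = (cert_off != 0 and cert_len >= 8 and cert_off + cert_len <= len(data)
                and struct.unpack_from("<IHH", data, cert_off)[2] == 0x0002)
    return {"machine": machine, "file_characteristics": flag_names(file_chars, FILE_FLAGS),
            "dll_characteristics": flag_names(dll_chars, DLL_FLAGS),
            "sections": sections, "unsigned": not has_cert}


def triage_notes(info):
    """Findings an analyst pulls from the header facts."""
    notes = []
    if info["unsigned"]:
        notes.append("Unsigned PE: no Authenticode certificate table")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in info["dll_characteristics"]:
        relocs = "IMAGE_FILE_RELOCS_STRIPPED" in info["file_characteristics"]
        notes.append("No ASLR: DYNAMIC_BASE unset" + (", relocations stripped" if relocs else ""))
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in info["dll_characteristics"]:
        notes.append("No DEP opt-in: NX_COMPAT unset")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            notes.append(f"Section {s['name']} is writable and executable")
    return notes


# Image with the header flags and section layout the report lists (constructed).
REPORT_LIKE = build_pe(
    file_chars=0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100, dll_chars=0x8000,
    sections=[(".text", 187 * 1024, 188 * 1024, 0x60000020),
              (".rdata", 32 * 1024, 33 * 1024, 0x40000040),
              (".data", 17 * 1024, 14 * 1024, 0xC0000040),
              (".rsrc", 7 * 1024, 7 * 1024, 0x40000040)])

if __name__ == "__main__":
    for note in triage_notes(parse_pe(REPORT_LIKE)):
        print(note)
```

Two details matter when reproducing the "Unsigned PE" check on real files: the security directory entry is a file offset rather than an RVA, so code that resolves it through the section table finds nothing, and an attached certificate is not the same as a trusted one; for a verdict, use signtool verify, Get-AuthenticodeSignature or WinVerifyTrust, which also catch a signature that no longer matches the file hash.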