48ccc8b6e9a52a271691e5bae1ba794e

Sharing

Copy URL Twitter E-mail

General

Target

48ccc8b6e9a52a271691e5bae1ba794e
Size

399KB
MD5

48ccc8b6e9a52a271691e5bae1ba794e
SHA1

92bbbe80183151b695f0d8449ef9dfbe53799a14
SHA256

ae621a41c1e953f73f65d2b6e64f77733557003ceb278cd93794de334af19583
SHA512

d0d062569047f7605dbeb64cb9711ae33b7f51893f3fd34d42e0032a0503f9e549e2e8659d5f39ac00febc9a42ec6766eb77262bd94dd03c335210dbac9bf5d6
SSDEEP

6144:63/pyFkDDQlnFmExTwu3Z9nAUjdUrdlezF1wiT4sUmYD/NK27IauvJi41dM4fW7L:63/NQpTTnoGTGId24fOyAF7AOrS4ij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48ccc8b6e9a52a271691e5bae1ba794e

Files

48ccc8b6e9a52a271691e5bae1ba794e
.exe windows:4 windows x86 arch:x86

0410716cbde04ba3ab29140cc3812f7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegQueryMultipleValuesW
LookupSecurityDescriptorPartsA
RegCreateKeyA
CryptDeriveKey
RegEnumKeyW
CryptDestroyKey
RegQueryInfoKeyA
LookupPrivilegeNameW
RegDeleteKeyA
CryptSetProviderA
RevertToSelf
RegQueryValueExA
CryptGetDefaultProviderW

shell32

SHQueryRecycleBinW
RealShellExecuteExA
ShellHookProc
ExtractAssociatedIconW

user32

SetUserObjectInformationA
GetMenuDefaultItem
GetWindowLongA
PeekMessageA
SendNotifyMessageW
GetUserObjectInformationW
EnumDisplaySettingsA
InsertMenuA
MessageBoxIndirectA
SendMessageTimeoutA
CloseWindow
SetMenuInfo
CharUpperA
CharNextA
EnumDisplayDevicesW
CloseClipboard
GetAncestor
ChangeDisplaySettingsExA
FindWindowExA
GetMenuItemInfoA
CreateAcceleratorTableA
LoadKeyboardLayoutA
WaitForInputIdle
wsprintfA

gdi32

ExtCreateRegion
GetCharWidthW
GetWorldTransform
ExtTextOutA
GetCharABCWidthsFloatA

wininet

HttpCheckDavCompliance
HttpOpenRequestA

kernel32

CreateMailslotW
GetEnvironmentStringsW
GetStdHandle
lstrcmpi
GetVersion
TlsAlloc
GetCurrentThread
HeapDestroy
GetSystemTimeAdjustment
GetLastError
GetFileType
GlobalUnlock
GetThreadSelectorEntry
UnhandledExceptionFilter
VirtualFree
GetModuleHandleA
GetSystemTimeAsFileTime
UnmapViewOfFile
InitializeCriticalSection
ExitProcess
GetCurrentProcessId
RtlUnwind
MultiByteToWideChar
VirtualQuery
DeleteCriticalSection
TlsGetValue
GetCommandLineW
HeapReAlloc
GetTickCount
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryA
GetModuleFileNameW
SetConsoleActiveScreenBuffer
GetCurrentProcess
WriteFile
TlsFree
GetProcAddress
HeapCreate
SetHandleCount
HeapFree
VirtualProtectEx
LeaveCriticalSection
FreeEnvironmentStringsW
SetConsoleCursorInfo
SetLastError
TlsSetValue
lstrcmpiA
IsBadWritePtr
InterlockedExchange
TerminateProcess
GetCurrentThreadId
EnterCriticalSection
VirtualProtect
WaitForMultipleObjects
HeapSize
QueryPerformanceCounter
VirtualAlloc
GetStartupInfoW
GetCommandLineA
GetModuleFileNameA
HeapAlloc
AddAtomW
GetStartupInfoA
LockResource
SetVolumeLabelA

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0410716cbde04ba3ab29140cc3812f7c

Headers

File Characteristics

Imports

advapi32

shell32

user32

gdi32

wininet

kernel32

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 4KB - Virtual size: 12KB

.data Size: 275KB - Virtual size: 274KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 4KB - Virtual size: 12KB

.data
Size: 275KB - Virtual size: 274KB

.rsrc
Size: 3KB - Virtual size: 3KB