491f9b1ebb5927a40fdd3743a2e30bdc

Sharing

Copy URL Twitter E-mail

General

Target

491f9b1ebb5927a40fdd3743a2e30bdc
Size

205KB
MD5

491f9b1ebb5927a40fdd3743a2e30bdc
SHA1

1e418a371c5a5a2e813c08f06744bb5af091b3e7
SHA256

ebf71af53e8e0dfba2a5cd80c57b667905340622c06d4834310f54689ca3734d
SHA512

9f24c83c9dd2ca1a1e27dabb76fbd4cd61e6d89eefb51fbaa82c0050cf89b012de8c1fc7630687370c58c77ccba804092f8893b971c19793e4c5b4c4494f9e35
SSDEEP

6144:WM6Oy2i78bWaR8pNhLh2q7Un4rNGyiDnh6zeB3:Qh2+LHhLh2q73UDhAeB3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491f9b1ebb5927a40fdd3743a2e30bdc

Files

491f9b1ebb5927a40fdd3743a2e30bdc
.exe windows:4 windows x86 arch:x86

0b2637634ed53cbb70a89d5c43ac178e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA
ReplaceTextA
GetSaveFileNameA
ChooseColorA
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
GetFileTitleW
ChooseFontA
PrintDlgA
FindTextW
LoadAlterBitmap
ChooseFontW
PageSetupDlgA

wininet

GetUrlCacheEntryInfoW
DeleteUrlCacheEntryA
InternetAutodialHangup
UnlockUrlCacheEntryFile
UrlZonesDetach
FindFirstUrlCacheEntryA
RetrieveUrlCacheEntryFileW
InternetAutodial
SetUrlCacheEntryGroupW
FindNextUrlCacheEntryExA
FtpGetFileSize
FindNextUrlCacheContainerW
InternetConnectW
RegisterUrlCacheNotification
FtpGetCurrentDirectoryW

user32

SetWindowRgn
SetLastErrorEx

shell32

SHFreeNameMappings

kernel32

MultiByteToWideChar
GetProfileIntW
GetStartupInfoW
FreeEnvironmentStringsA
HeapReAlloc
GetCurrentThreadId
GetNamedPipeHandleStateW
SetConsoleCP
GetLastError
GetStartupInfoA
LeaveCriticalSection
LoadLibraryA
GetVersion
HeapCreate
GetTickCount
GetModuleFileNameW
TlsGetValue
SetThreadLocale
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetFileTime
DeleteAtom
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
CreateNamedPipeW
lstrcatA
GetCurrentProcess
TlsFree
GetEnvironmentStrings
HeapFree
VirtualFree
SetLastError
ExitProcess
EnterCriticalSection
GetFileType
FindFirstFileW
ReadConsoleOutputCharacterW
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
IsBadWritePtr
TlsSetValue
GetCommandLineA
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineW
FindAtomW
GetProcAddress
VirtualQuery
InitializeCriticalSection
HeapDestroy
CreateRemoteThread
OpenMutexW
TerminateProcess
GetUserDefaultLangID
DeleteCriticalSection
InterlockedExchange
HeapAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
ExitThread
GetThreadContext
TlsAlloc
VirtualAlloc
GetThreadPriorityBoost
SetHandleCount
LocalReAlloc
GetCurrentThread

gdi32

GetNearestColor
Escape
GetCharWidth32W
SetMapMode
EnumFontFamiliesExW
CreateEnhMetaFileA
SetTextJustification
ChoosePixelFormat
SwapBuffers
RemoveFontResourceW
CreateBitmap
CheckColorsInGamut
SetMagicColors
WidenPath
ExtFloodFill
PatBlt
GetMetaFileBitsEx
GetCharWidthFloatW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b2637634ed53cbb70a89d5c43ac178e

Headers

File Characteristics

Imports

comdlg32

wininet

user32

shell32

kernel32

gdi32

Sections

.text Size: 89KB - Virtual size: 89KB

.data Size: 104KB - Virtual size: 108KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 89KB - Virtual size: 89KB

.data
Size: 104KB - Virtual size: 108KB

.rsrc
Size: 10KB - Virtual size: 9KB