495bd865d897223196e8c05b76688508

Sharing

Copy URL

Twitter E-mail

General

Target

495bd865d897223196e8c05b76688508
Size

474KB
MD5

495bd865d897223196e8c05b76688508
SHA1

f53eacbaec05ea285ca7408497a1b257f28ecb12
SHA256

d5699ab278b651d0ad43e23eabbce58e3eb69d9de90b46645a5503d65b798d42
SHA512

087ec371add26fe29fdf818d201d0e3b49b181bb7d667608deafcc383461f4429c776c3d507772fbcd788b1a4a14f57921ceaf0340a1ead42559e5fa46c1908a
SSDEEP

12288:qGVeQqQvRRphC4uh2UIy/JaAJUK/8OwbsyMH:XL1XzKvDwbR+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
495bd865d897223196e8c05b76688508

Files

495bd865d897223196e8c05b76688508
.exe windows:4 windows x86 arch:x86

5c5e1cc22a56bc3fef612344a3ccac25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
LCMapStringW
SetConsoleCursorPosition
GetLongPathNameA
InitializeCriticalSection
EnterCriticalSection
HeapAlloc
LoadLibraryA
GetACP
VirtualFree
SetComputerNameW
GetEnvironmentVariableA
DeleteCriticalSection
GetEnvironmentStringsW
InterlockedExchange
TlsGetValue
GetCurrentThread
IsBadReadPtr
IsBadWritePtr
CloseHandle
GetStringTypeA
GetStartupInfoA
LCMapStringA
GetStdHandle
FindFirstFileExA
OutputDebugStringA
HeapDestroy
InterlockedIncrement
GetProcAddress
FreeEnvironmentStringsA
InterlockedDecrement
HeapFree
GetProfileSectionA
GetOEMCP
WriteProfileStringW
SetConsoleCtrlHandler
VirtualQuery
UnhandledExceptionFilter
SetFilePointer
WriteFile
GetEnvironmentStrings
SetHandleCount
FreeEnvironmentStringsW
HeapValidate
HeapReAlloc
TlsSetValue
ExitProcess
FlushFileBuffers
DebugBreak
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
TlsAlloc
GetModuleHandleA
GetVersion
SetLastError
SetStdHandle
GetCurrentThreadId
RtlUnwind
LeaveCriticalSection
GetLastError
HeapCreate
GetCurrentProcessId
GetModuleFileNameA
TlsFree
GetFileType
WriteConsoleOutputCharacterW
GetTickCount
MultiByteToWideChar
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
WideCharToMultiByte

gdi32

GetTextExtentPointW
ExtSelectClipRgn
CreateSolidBrush
CreatePolyPolygonRgn
CreateHalftonePalette
CreateScalableFontResourceW
EndDoc
EqualRgn
GetICMProfileW
GetTextAlign

shell32

DoEnvironmentSubstW
DragQueryFile
SHFreeNameMappings
SHUpdateRecycleBinIcon
RealShellExecuteExW
ExtractAssociatedIconA
SHInvokePrinterCommandW
ShellHookProc
SHFormatDrive
SHGetMalloc
SHGetInstanceExplorer
DragFinish
SHGetDesktopFolder
ShellExecuteA
DuplicateIcon
SHGetSpecialFolderPathW
ExtractIconA
SHGetSpecialFolderPathA
SHChangeNotify
ExtractIconExW
SHGetFileInfo
SHAppBarMessage
DoEnvironmentSubstA
RealShellExecuteExA
CheckEscapesW

advapi32

CryptGetDefaultProviderA
AbortSystemShutdownA
CryptDuplicateKey
RegQueryValueA
LookupPrivilegeNameW
LookupAccountSidW
InitiateSystemShutdownW
RegEnumValueW
RegSetKeySecurity
CryptSignHashA

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c5e1cc22a56bc3fef612344a3ccac25

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

advapi32

Sections

.text Size: 154KB - Virtual size: 154KB

.data Size: 312KB - Virtual size: 311KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 154KB - Virtual size: 154KB

.data
Size: 312KB - Virtual size: 311KB

.rsrc
Size: 7KB - Virtual size: 6KB