4b18c838e8e2136af246e82fb7475fe7

Sharing

Copy URL Twitter E-mail

General

Target

4b18c838e8e2136af246e82fb7475fe7
Size

273KB
MD5

4b18c838e8e2136af246e82fb7475fe7
SHA1

dc5ab997dad757b2076403dce4cf939aba77fc1a
SHA256

e6e52d6527e557d75860b01d2d09d221cd675b7475c85e7cc49023c39c4bcb75
SHA512

9758f79dd48e2345f720f3dbfde5b66ad30c3b04092b2751951d916c0d3ac7a1e7eef8060178c50de20bc05190c7bf845a0f30ac98f67668582c1657360387ec
SSDEEP

6144:8GU68yatkuzDgrTv4F9w65t904w00DFSHnWCQbScseGPTm8qlx/ggjbK0:8Hi3uPgrgx5bupRSH9e18sD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b18c838e8e2136af246e82fb7475fe7

Files

4b18c838e8e2136af246e82fb7475fe7
.exe windows:4 windows x86 arch:x86

b7e72839e8a7c8d7f35030453217ec28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
InterlockedIncrement
GetSystemTime
GetModuleHandleW
CreateProcessW
GetFileAttributesExW
GetTickCount
CloseHandle
lstrcpyW
ResumeThread
VirtualAlloc
FindNextFileW
MoveFileW
GetCurrentThread
Sleep
FindClose
SuspendThread
ResetEvent
WaitForSingleObject
FindNextChangeNotification
ExitProcess
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualProtect
FindFirstChangeNotificationW
GetCurrentProcessId
FreeLibrary
GetFileAttributesW
CancelWaitableTimer
WritePrivateProfileStringW
GetModuleFileNameW
FindResourceExW
GetUserDefaultLangID
WriteFile
WideCharToMultiByte
SetEndOfFile
VirtualFree
SetFilePointer
GlobalLock
SetEvent
GlobalDeleteAtom
GetPrivateProfileStringW
QueryDosDeviceW
SizeofResource
GlobalUnlock
TerminateThread
CreateEventW
SetCurrentDirectoryW
CreateThread
FindResourceW
ReadFile
GetFileSize
GetCurrentThreadId
WaitForMultipleObjects

user32

AppendMenuW
SetForegroundWindow
FillRect
LoadBitmapW
IsWindow
SendMessageW
DestroyIcon
InvalidateRect
GetWindowDC
SetDlgItemTextW
WindowFromPoint
TrackPopupMenu
DialogBoxParamW
SetWindowTextW
GetSysColor
IsDlgButtonChecked
VkKeyScanW
OffsetRect
RegisterHotKey
SendDlgItemMessageW
UpdateWindow
RedrawWindow
GetMessageW
DefWindowProcW
TranslateMessage
EnableWindow
PostThreadMessageW
ReleaseCapture
SetCursor
SetCursorPos
PostMessageW
GetDlgItem
LoadIconW
RegisterWindowMessageW
LoadStringW
CreatePopupMenu
LoadImageW
ReleaseDC
DestroyMenu
PostQuitMessage
SystemParametersInfoW
SetCapture
DrawTextW
GetWindowTextW

gdi32

CreatePen
SetBkColor
SelectObject
GetMapMode
GetDeviceCaps
DPtoLP
CreateCompatibleDC
CreateSolidBrush
GetObjectW
StretchBlt
MoveToEx
CreateDCW
GetClipBox
DeleteDC
SetTextColor
GetStockObject
Rectangle
SetBkMode

advapi32

RegSetValueExW
InitializeSecurityDescriptor
RegQueryValueExW
LookupPrivilegeValueW
StartServiceW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
GetUserNameW

shell32

Shell_NotifyIconW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

OleLoadPicture

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7e72839e8a7c8d7f35030453217ec28

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 236KB - Virtual size: 233KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 28KB - Virtual size: 24KB

.text
Size: 236KB - Virtual size: 233KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 28KB - Virtual size: 24KB