4b3334c691bcb436f3495488f47d6e0c

Sharing

Copy URL Twitter E-mail

General

Target

4b3334c691bcb436f3495488f47d6e0c
Size

387KB
MD5

4b3334c691bcb436f3495488f47d6e0c
SHA1

45a57c6772664f3b81b4fe13ae29bcb8f17376eb
SHA256

7c140d394779e86d131b26a6e3d14fea7874ceb6eb0390438ded784be27c7d42
SHA512

c8efc5d2d16f938491dcf4de899641043ae2b2deca9f2883960e36309ce119880982e142df72c3de2f59589079b56a1d02e79f4c34c889b5326d0bf052591515
SSDEEP

6144:bKm/CBBPsTy6efK1LIFOOyV3ACYahSZvVQdm1UtdmXEGbfMt0HR9fG8jvu31xRWa:bKefhrp1vkvVqY1EGjiGG6S1xorR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b3334c691bcb436f3495488f47d6e0c

Files

4b3334c691bcb436f3495488f47d6e0c
.exe windows:4 windows x86 arch:x86

d901d6e8bc1acbdefd7540b0a8a4202e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DuplicateIcon
SHFileOperation
SHInvokePrinterCommandA
SHGetInstanceExplorer
ShellExecuteW
SHBrowseForFolder
DragQueryFileA
ExtractIconEx
SHGetFileInfoA

user32

RegisterClassW
AdjustWindowRect
DdeUnaccessData
MapDialogRect
CopyIcon
ChangeDisplaySettingsExW
ActivateKeyboardLayout
DdeCmpStringHandles
InflateRect
ClientToScreen
DialogBoxParamA
MenuItemFromPoint

wininet

FindFirstUrlCacheContainerW
FtpRemoveDirectoryA
GopherGetLocatorTypeA
DeleteUrlCacheContainerA
InternetQueryOptionA
InternetSetDialStateW
InternetCreateUrlW
DeleteUrlCacheContainerW
GopherFindFirstFileA
GetUrlCacheGroupAttributeA
RetrieveUrlCacheEntryStreamW
InternetTimeToSystemTimeA
InternetGetConnectedStateEx
FtpCreateDirectoryW
RunOnceUrlCache
FindNextUrlCacheGroup
IsUrlCacheEntryExpiredA

comdlg32

GetOpenFileNameA
GetSaveFileNameW

kernel32

HeapAlloc
GetDiskFreeSpaceW
EnumTimeFormatsW
VirtualAlloc
GetProcAddress
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentProcessId
InterlockedExchange
GetLogicalDrives
LoadLibraryA
FillConsoleOutputCharacterA
TerminateProcess
GetCurrentProcess
HeapFree
OpenWaitableTimerA
RtlUnwind
GetStringTypeA
GetCurrentThreadId
HeapReAlloc
GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleA
SetEnvironmentVariableW
VirtualQuery
ExitProcess

advapi32

RegCreateKeyExW
CryptSetProvParam
RegDeleteKeyW
DuplicateTokenEx
RegOpenKeyExW
CryptEnumProvidersW
RegQueryValueExA
CryptExportKey
CryptSetProviderW

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d901d6e8bc1acbdefd7540b0a8a4202e

Headers

File Characteristics

Imports

shell32

user32

wininet

comdlg32

kernel32

advapi32

Sections

.text Size: 111KB - Virtual size: 110KB

.data Size: 264KB - Virtual size: 263KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 111KB - Virtual size: 110KB

.data
Size: 264KB - Virtual size: 263KB

.rsrc
Size: 11KB - Virtual size: 11KB