4b54094410164180145688f349a4cb71

Sharing

Copy URL Twitter E-mail

General

Target

4b54094410164180145688f349a4cb71
Size

32KB
MD5

4b54094410164180145688f349a4cb71
SHA1

d833034e63a0a8835432e5d35ce1b6b888d6886a
SHA256

4a81226181070e92633361c6549da9f39cd48a15548db8693e10979588352f92
SHA512

6814fca73d975e7ed54e741623c651e353bbb75b072907a386f4ef3041133a205533fad3efa1874b2d648d0eae2f74aea3265a203fb7fe8ee5d51772d0f6ae6f
SSDEEP

768:e0i0A1f+vfog4FjUs4OOdzma5XKCp22AQAFsMK:eD1WnoNNzMD5/Jb

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PRKILLER_1.EXE
unpack001/prkiller_2.exe
unpack001/prkiller_3.exe
unpack001/prkiller_4.exe

Files

4b54094410164180145688f349a4cb71
.rar
PRKILLER_1.EXE
.exe windows:4 windows x86 arch:x86

e1458a5db36c3747f9af77d71e202721

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
CreateProcessA
OpenProcess
Sleep
WaitForSingleObject
CloseHandle
ReleaseMutex
GetWindowsDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
EnumResourceNamesA
WideCharToMultiByte
CreateThread
GetModuleFileNameA
Beep
TerminateProcess
GetCurrentProcessId
SuspendThread
ResumeThread
FindClose
FindFirstFileA
ReadProcessMemory
VirtualQueryEx
GetCommandLineW
OpenMutexA
ExitProcess
GetStartupInfoA
CreateMutexA
GetCurrentProcess
SetPriorityClass
GetVersion
GetProcAddress
GetModuleHandleA
SetProcessShutdownParameters
LoadLibraryA
GetTickCount
FreeLibrary

user32

GetAsyncKeyState
SystemParametersInfoA
CreateIconFromResource
ShowWindow
KillTimer
TranslateMessage
DispatchMessageA
GetClientRect
IsWindow
SendMessageA
CreateWindowExA
SetWindowPos
UnregisterHotKey
FindWindowA
FindWindowExA
MessageBeep
GetWindow
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
CreatePopupMenu
AppendMenuA
TrackPopupMenu
PostMessageA
DestroyMenu
EndDialog
CallWindowProcA
MessageBoxA
GetMessageA
SetDlgItemTextA
wsprintfA
SetWindowTextA
LoadIconA
GetWindowTextA
LoadImageA
GetWindowRect
GetSystemMetrics
IntersectRect
SetFocus
DialogBoxParamA
GetDlgItem
SetTimer
SetWindowLongA
RegisterHotKey
LookupIconIdFromDirectoryEx
DestroyIcon
ActivateKeyboardLayout

shell32

ShellExecuteA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

__set_app_type
_adjust_fdiv
__setusermatherr
__p__commode
__getmainargs
_acmdln
_initterm
_XcptFilter
_exit
exit
__dllonexit
_except_handler3
_onexit
fprintf
fgets
__p__fmode
strchr
fwrite
fopen
fread
fclose
_ltoa
_gcvt
memmove
strlen
strcmp
strcat
malloc
free
_stricmp
strcpy
memset
??3@YAXPAX@Z
_controlfp

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
prkiller_2.exe
.exe windows:4 windows x86 arch:x86

52d25bfaf4813b14bed6daf3cdfcc8b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
CreateProcessA
OpenProcess
Sleep
WaitForSingleObject
CreateThread
ReleaseMutex
GetWindowsDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
EnumResourceNamesA
WideCharToMultiByte
CloseHandle
GetModuleFileNameA
Beep
TerminateProcess
GetCurrentProcessId
SuspendThread
ResumeThread
FindClose
FindFirstFileA
ReadProcessMemory
VirtualQueryEx
GetCommandLineW
OpenMutexA
ExitProcess
GetStartupInfoA
CreateMutexA
GetCurrentProcess
SetPriorityClass
GetVersion
SetProcessShutdownParameters
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetTickCount
FreeLibrary

user32

GetAsyncKeyState
SystemParametersInfoA
CreateIconFromResource
ShowWindow
KillTimer
TranslateMessage
DispatchMessageA
GetClientRect
IsWindow
SendMessageA
CreateWindowExA
SetWindowPos
UnregisterHotKey
FindWindowA
FindWindowExA
MessageBeep
GetWindow
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
ActivateKeyboardLayout
CreatePopupMenu
AppendMenuA
TrackPopupMenu
PostMessageA
EndDialog
CallWindowProcA
MessageBoxA
GetMessageA
SetDlgItemTextA
wsprintfA
SetWindowTextA
LoadIconA
GetWindowTextA
LoadImageA
GetWindowRect
GetSystemMetrics
IntersectRect
SetFocus
DialogBoxParamA
GetDlgItem
SetTimer
SetWindowLongA
RegisterHotKey
LookupIconIdFromDirectoryEx
DestroyIcon
DestroyMenu

shell32

ShellExecuteA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

__set_app_type
_adjust_fdiv
__setusermatherr
__p__commode
__getmainargs
_acmdln
_initterm
_XcptFilter
_exit
exit
__dllonexit
_except_handler3
_onexit
fprintf
fgets
__p__fmode
strchr
fwrite
fopen
fread
fclose
_ltoa
_gcvt
memmove
strlen
strcmp
strcat
malloc
free
_stricmp
strcpy
memset
??3@YAXPAX@Z
_controlfp

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
prkiller_3.exe
.exe windows:4 windows x86 arch:x86

ed7a83b0818a548afd306e86600822b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesA
CreateProcessA
TerminateProcess
OpenProcess
Sleep
CloseHandle
ReleaseMutex
LoadLibraryExA
GetWindowsDirectoryA
SizeofResource
LockResource
LoadResource
WaitForSingleObject
FindResourceA
CreateThread
FreeLibrary
GetModuleFileNameA
Beep
GetCurrentProcessId
SuspendThread
ResumeThread
FindClose
FindFirstFileA
ReadProcessMemory
VirtualQueryEx
GetCommandLineW
OpenMutexA
ExitProcess
GetStartupInfoA
CreateMutexA
GetCurrentProcess
SetPriorityClass
GetVersion
GetProcAddress
GetModuleHandleA
SetProcessShutdownParameters
LoadLibraryA
WideCharToMultiByte
GetTickCount

user32

GetAsyncKeyState
SystemParametersInfoA
CreateIconFromResource
ShowWindow
KillTimer
TranslateMessage
DispatchMessageA
GetClientRect
IsWindow
SendMessageA
CreateWindowExA
SetWindowPos
UnregisterHotKey
FindWindowA
FindWindowExA
MessageBeep
GetWindow
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
CreatePopupMenu
AppendMenuA
TrackPopupMenu
PostMessageA
DestroyMenu
EndDialog
CallWindowProcA
MessageBoxA
GetMessageA
SetDlgItemTextA
wsprintfA
SetWindowTextA
LoadIconA
GetWindowTextA
LoadImageA
GetWindowRect
GetSystemMetrics
IntersectRect
SetFocus
DialogBoxParamA
GetDlgItem
SetTimer
SetWindowLongA
RegisterHotKey
LookupIconIdFromDirectoryEx
DestroyIcon
ActivateKeyboardLayout

shell32

ShellExecuteA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

__set_app_type
_adjust_fdiv
__setusermatherr
__p__commode
__getmainargs
_acmdln
_initterm
_XcptFilter
_exit
exit
__dllonexit
_except_handler3
_onexit
fprintf
fgets
__p__fmode
strchr
fwrite
fopen
fread
fclose
_ltoa
_gcvt
memmove
strlen
strcmp
strcat
malloc
free
_stricmp
strcpy
memset
??3@YAXPAX@Z
_controlfp

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
prkiller_4.exe
.exe windows:4 windows x86 arch:x86

9b4e4983a1b7980f46b4c2d27188a57c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesA
CreateProcessA
TerminateProcess
OpenProcess
Sleep
CreateThread
ReleaseMutex
LoadLibraryExA
GetWindowsDirectoryA
SizeofResource
LockResource
LoadResource
WaitForSingleObject
FindResourceA
CloseHandle
FreeLibrary
GetModuleFileNameA
Beep
GetCurrentProcessId
SuspendThread
ResumeThread
FindClose
FindFirstFileA
ReadProcessMemory
VirtualQueryEx
GetCommandLineW
OpenMutexA
ExitProcess
GetStartupInfoA
CreateMutexA
GetCurrentProcess
SetPriorityClass
GetVersion
SetProcessShutdownParameters
GetModuleHandleA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
GetTickCount

user32

GetAsyncKeyState
SystemParametersInfoA
CreateIconFromResource
ShowWindow
KillTimer
TranslateMessage
DispatchMessageA
GetClientRect
IsWindow
SendMessageA
CreateWindowExA
SetWindowPos
UnregisterHotKey
FindWindowA
FindWindowExA
MessageBeep
GetWindow
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
ActivateKeyboardLayout
CreatePopupMenu
AppendMenuA
TrackPopupMenu
PostMessageA
EndDialog
CallWindowProcA
MessageBoxA
GetMessageA
SetDlgItemTextA
wsprintfA
SetWindowTextA
LoadIconA
GetWindowTextA
LoadImageA
GetWindowRect
GetSystemMetrics
IntersectRect
SetFocus
DialogBoxParamA
GetDlgItem
SetTimer
SetWindowLongA
RegisterHotKey
LookupIconIdFromDirectoryEx
DestroyIcon
DestroyMenu

shell32

ShellExecuteA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

__set_app_type
_adjust_fdiv
__setusermatherr
__p__commode
__getmainargs
_acmdln
_initterm
_XcptFilter
_exit
exit
__dllonexit
_except_handler3
_onexit
fprintf
fgets
__p__fmode
strchr
fwrite
fopen
fread
fclose
_ltoa
_gcvt
memmove
strlen
strcmp
strcat
malloc
free
_stricmp
strcpy
memset
??3@YAXPAX@Z
_controlfp

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1458a5db36c3747f9af77d71e202721

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

version

msvcrt

comctl32

comdlg32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 34KB

.rsrc Size: 27KB - Virtual size: 27KB

52d25bfaf4813b14bed6daf3cdfcc8b0

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

version

msvcrt

comctl32

comdlg32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 27KB - Virtual size: 27KB

ed7a83b0818a548afd306e86600822b1

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

version

msvcrt

comctl32

comdlg32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 34KB

.rsrc Size: 27KB - Virtual size: 27KB

9b4e4983a1b7980f46b4c2d27188a57c

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

version

msvcrt

comctl32

comdlg32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 34KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 34KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 27KB - Virtual size: 27KB