4ba6d32bd75124d105c6894dd9c1fd22

Sharing

Copy URL Twitter E-mail

General

Target

4ba6d32bd75124d105c6894dd9c1fd22
Size

433KB
MD5

4ba6d32bd75124d105c6894dd9c1fd22
SHA1

3cc15eb0bc4fdb1f777ef24e04abf5e06cd51731
SHA256

aecaf96676bdd8c5a6fdf2699e56a79ca3818d7daf6abdc126e4e7c5339d20ad
SHA512

30bbc754b31f06a65c1cec960e0cc5ea9c87102a004296a118ba291b075cb99676ef5173b59b73c8b80050aac1e3a8b13052f4cc5d0e56589b9f00ce2fe85d13
SSDEEP

6144:v9D75PqiWjz6l01PGgomQtVdNwzcR0amirDbnaWaitbAH4mbQy:v9D75pWX6S1PGgoHVvwzr9izKFbQy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ba6d32bd75124d105c6894dd9c1fd22

Files

4ba6d32bd75124d105c6894dd9c1fd22
.exe windows:4 windows x86 arch:x86

d5f31efb23594f05deef9e0655ba78c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
ReplaceTextA

wininet

InternetSetCookieW
GopherOpenFileA
CreateUrlCacheGroup
InternetShowSecurityInfoByURLW
RetrieveUrlCacheEntryStreamA
DetectAutoProxyUrl
GopherGetLocatorTypeA
InternetCheckConnectionA
FtpRemoveDirectoryA
SetUrlCacheGroupAttributeA
InternetCreateUrlA
FindFirstUrlCacheContainerW
InternetOpenA
InternetGetCertByURL
FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetShowSecurityInfoByURLA

user32

AdjustWindowRect
OffsetRect
ReplyMessage
InsertMenuItemA
DlgDirSelectComboBoxExW
CheckRadioButton
IsCharLowerA
EnumChildWindows
GetMonitorInfoA

advapi32

RegReplaceKeyW
CryptGetKeyParam
DuplicateToken
ReportEventW
ReportEventA
CryptGenKey
LogonUserA
CryptGetUserKey
CryptSetProviderA
LookupPrivilegeNameW
RegSetKeySecurity
RegSetValueExA
LookupAccountSidA
RegCreateKeyW
CryptEnumProvidersW

kernel32

VirtualQuery
ExitProcess
GetProcessHeap
InterlockedExchange
GetTimeFormatA
WideCharToMultiByte
GetComputerNameW
CompareStringW
lstrcmpW
InterlockedIncrement
QueryPerformanceCounter
SetLastError
FreeLibrary
GlobalReAlloc
LocalShrink
GetLogicalDrives
FillConsoleOutputCharacterA
GetLastError
EnterCriticalSection
TlsAlloc
GetLocaleInfoW
GetOEMCP
GetVersionExA
CreateDirectoryA
HeapSize
HeapFree
GetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
WriteFile
GetDateFormatA
GetCurrentProcessId
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
GetDiskFreeSpaceExA
GetStringTypeA
TlsFree
GetCPInfo
EnumSystemLocalesA
LCMapStringA
IsDebuggerPresent
GetEnvironmentStringsW
MultiByteToWideChar
TlsGetValue
SetConsoleMode
GetACP
TlsSetValue
GetEnvironmentStrings
UnhandledExceptionFilter
GetCommandLineA
GetModuleFileNameA
CompareStringA
SetConsoleCtrlHandler
IsValidCodePage
DeleteCriticalSection
HeapCreate
Sleep
GetFileType
LeaveCriticalSection
GetUserDefaultLCID
HeapReAlloc
HeapDestroy
IsValidLocale
GetLocaleInfoA
GetTickCount
FreeEnvironmentStringsA
GetStringTypeW
VirtualAlloc
TerminateProcess
WriteConsoleInputW
InterlockedDecrement
GetModuleHandleA
VirtualFree
PulseEvent
GetCurrentProcess
InitializeCriticalSection
WriteProfileSectionW
GetCurrentThreadId
GetCurrentThread
GetProcAddress
SetEnvironmentVariableA
SetHandleCount
GetCurrencyFormatA
LoadLibraryA
SetLocalTime
GetTempFileNameA
LCMapStringW
GetStartupInfoA
SetUnhandledExceptionFilter
lstrlenA

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5f31efb23594f05deef9e0655ba78c0

Headers

File Characteristics

Imports

comdlg32

wininet

user32

advapi32

kernel32

Sections

.text Size: 138KB - Virtual size: 137KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 138KB - Virtual size: 137KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 14KB - Virtual size: 14KB