4becff71318e45a1815d55a0db4863d3

Sharing

Copy URL Twitter E-mail

General

Target

4becff71318e45a1815d55a0db4863d3
Size

415KB
MD5

4becff71318e45a1815d55a0db4863d3
SHA1

4223980b9e5d01a3a72e83cacf77d241231b7c24
SHA256

969fe3444ed9e195506a6e1acb07ea7ef9338f50ee7f09b777ca6c602d702b83
SHA512

6be400d3efbf8a300363ca5125944accf36c6430684283fb93da53f93f3991ccf8de7e52ee19fd130465a53b7071cf30b99ccafc13f2c9d8bb5d112ef4f3d7b7
SSDEEP

12288:JGse7v8MedRJIbjKaQrvgElnd496qz6K7:QzQfJ2WaQrzd66o7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4becff71318e45a1815d55a0db4863d3

Files

4becff71318e45a1815d55a0db4863d3
.exe windows:4 windows x86 arch:x86

7ac52a83b703d2641011bab688aac559

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptSetProviderExW
LookupAccountNameW
LookupAccountSidW
RegReplaceKeyW
LookupPrivilegeNameA
RegNotifyChangeKeyValue
CryptDuplicateHash
RegRestoreKeyA
RegCloseKey
RegDeleteValueW
CryptDecrypt
GetUserNameW
CryptAcquireContextA
RegEnumKeyExW
RegQueryMultipleValuesA
RegDeleteValueA
RegQueryValueExW
RegQueryValueW
CryptVerifySignatureW
AbortSystemShutdownA
RegCreateKeyExW
CryptSetProviderW
CryptSetHashParam

shell32

DragAcceptFiles
SHBrowseForFolderW
SHFileOperationW
SHGetInstanceExplorer
ShellExecuteExA
ShellExecuteExW
SHGetPathFromIDList
SHGetFileInfoW
SHGetSettings
SHUpdateRecycleBinIcon
ShellExecuteW
RealShellExecuteExA
DragQueryFileAorW
ExtractAssociatedIconA
InternalExtractIconListA

gdi32

SwapBuffers
GdiPlayJournal
SetRectRgn
GdiPlayDCScript
GetNearestPaletteIndex
ScaleWindowExtEx
GetMetaRgn
CreateHatchBrush

wininet

InternetSetOptionA
FtpDeleteFileW
InternetGetConnectedStateExW
InternetQueryFortezzaStatus
FindNextUrlCacheContainerW
FtpCommandW
InternetWriteFile
HttpAddRequestHeadersW
SetUrlCacheEntryGroupA
DetectAutoProxyUrl

kernel32

TlsAlloc
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
SetLocaleInfoW
MultiByteToWideChar
QueryPerformanceCounter
GetStringTypeW
SetConsoleCtrlHandler
DeleteCriticalSection
GetTimeFormatA
CompareStringW
RtlUnwind
GetTimeZoneInformation
GetCommandLineA
HeapCreate
TlsSetValue
GetTickCount
SetLastError
FlushInstructionCache
GetEnvironmentStrings
HeapSize
HeapReAlloc
FreeEnvironmentStringsW
InterlockedExchange
GetCPInfo
GetModuleHandleA
WriteFile
IsValidLocale
LCMapStringW
GetLocaleInfoW
GetACP
CreateRemoteThread
FreeEnvironmentStringsA
GetUserDefaultLCID
GetOEMCP
InterlockedDecrement
GetSystemTimeAsFileTime
GetProcAddress
UnhandledExceptionFilter
HeapAlloc
SetHandleCount
LCMapStringA
GetModuleFileNameA
SetEnvironmentVariableA
FreeLibrary
GetCurrentThread
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentStringsW
GetDateFormatA
TlsGetValue
TerminateProcess
CompareStringA
GetCurrentProcess
VirtualQuery
Sleep
DosDateTimeToFileTime
GetStartupInfoA
RaiseException
EnumSystemLocalesA
GetModuleHandleW
LoadLibraryA
GetCurrentThreadId
VirtualFree
WideCharToMultiByte
GetCalendarInfoW
VirtualAlloc
SetUnhandledExceptionFilter
GetStringTypeA
TlsFree
GetStdHandle
IsValidCodePage
HeapDestroy
InterlockedIncrement
GetLocaleInfoA
GetFileType
ExitProcess
IsDebuggerPresent

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ac52a83b703d2641011bab688aac559

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

wininet

kernel32

Sections

.text Size: 129KB - Virtual size: 128KB

.data Size: 274KB - Virtual size: 299KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 129KB - Virtual size: 128KB

.data
Size: 274KB - Virtual size: 299KB

.rsrc
Size: 11KB - Virtual size: 11KB