4e43d6110cb3e79788080c83c793b9b9

Sharing

Copy URL Twitter E-mail

General

Target

4e43d6110cb3e79788080c83c793b9b9
Size

212KB
MD5

4e43d6110cb3e79788080c83c793b9b9
SHA1

b76737cf0b15ac02167ea605cc7bd0955764d0d9
SHA256

a75718de0be55af109209f66672d84c7b00ee7591d18864e1df822245619084c
SHA512

1c2399e854fc05d5c72174e56f6ce83b6b7a51fffb50d2d17775df760dd182488eff5366d5120b548e4600616858851bfdb5a3bb847d5cc13a7785d928e880af
SSDEEP

3072:GisI+GNSDOufFEHw1GkEzW7lF0cEnWLeQqF+zhTRox2qVm4BoiacdD8YcXtYU5g5:yPJF0czozGErcXCU6ieGMQ0f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e43d6110cb3e79788080c83c793b9b9

Files

4e43d6110cb3e79788080c83c793b9b9
.exe windows:4 windows x86 arch:x86

36be325f93d3b5288b9b1f8e1fef0150

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
RemoveDirectoryA
Sleep
GetFileType
WriteProfileSectionA
SuspendThread
ExitProcess
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
WriteFile
DeleteFileA
LocalCompact
WritePrivateProfileSectionA
ContinueDebugEvent
EndUpdateResourceW
FindAtomA
SetThreadPriority
GetCurrentThread
WinExec
CreateProcessA
GetProcAddress
LoadLibraryA
MoveFileA
DisconnectNamedPipe
SetFileValidData
GetTempFileNameA
SetPriorityClass
OpenProcess
GetCurrentProcessId
CopyFileA
MoveFileExA
ReleaseMutex
CreateMutexA
WriteProcessMemory
ReadProcessMemory
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
GetLocalTime
SetFilePointer
CreateEventA
ResetEvent
SetEvent
TerminateThread
GetModuleHandleA
LockResource
FindResourceExA
GetTempPathA
GetCurrentProcess
GetModuleFileNameA
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpA
FlushInstructionCache
HeapAlloc
MulDiv
GetLastError
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateThread
GlobalAddAtomA
WaitForSingleObject
SetMailslotInfo
CloseHandle
GetProcessVersion
EscapeCommFunction
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTime
SystemTimeToFileTime

user32

GetWindowLongA
UnregisterClassA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
ReleaseCapture
SetCapture
SetWindowLongA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
IsWindowVisible
SetRect
CharLowerBuffA
GetWindowRect
ClientToScreen
PostMessageA
FindWindowExA
MessageBoxA
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
GetFocus
IsChild
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
GetGuiResources
SetThreadDesktop
CreateDesktopA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA

gdi32

OffsetClipRgn
RoundRect
GetColorSpace
GetGraphicsMode
CloseEnhMetaFile
FlattenPath
DeleteObject
UpdateICMRegKeyA
GetTextAlign
CreateDIBSection
SetPixel
GetPixel
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
GetTextCharacterExtra
Pie
StartPage

advapi32

RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegNotifyChangeKeyValue
IsTokenUntrusted
RegQueryValueExA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID

oleaut32

VarUI4FromStr
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
DispCallFunc
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayRedim
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindExtensionA

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

winmm

waveOutOpen

wininet

FindCloseUrlCache
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

ws2_32

send
recv
connect
WSAStartup
WSACleanup
htons
gethostbyname
socket
ioctlsocket
select
closesocket

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36be325f93d3b5288b9b1f8e1fef0150

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

winmm

wininet

ws2_32

Sections

.text Size: 164KB - Virtual size: 162KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 164KB - Virtual size: 162KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B