4e95310e0aca65e1a5e5bdbf01b7feb0

Sharing

Copy URL Twitter E-mail

General

Target

4e95310e0aca65e1a5e5bdbf01b7feb0
Size

423KB
MD5

4e95310e0aca65e1a5e5bdbf01b7feb0
SHA1

2eb6b519ca51dbb4c74377fb6c0296f7d321172e
SHA256

6823e4c0384e174f6e3fe83c9a02ebc791ff2952b9dbdf208d2581966ebaa8aa
SHA512

45dd5058c207186dce49ea6c40e2b2f49d0160d61872a20bc93b83a9d891599b49ba73ae4a234cc37d4db43c1b1e17f1093bf11e012580cf92d53f1f5c482cc6
SSDEEP

6144:RqbI9WH1vQUqnanE3bssGj/IxXUJ9uhvVE6SUwLJuLt3yZZQBaMZcfoHOwrhhiCC:fs1v4mCbsHM6iQvwtVdZwo3rPFsj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e95310e0aca65e1a5e5bdbf01b7feb0

Files

4e95310e0aca65e1a5e5bdbf01b7feb0
.exe windows:4 windows x86 arch:x86

5b842a001a6510c5f8525011eaf2b0ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

UpdateUrlCacheContentPath
ReadUrlCacheEntryStream
GetUrlCacheEntryInfoA
InternetGetCookieW
InternetFortezzaCommand
FtpFindFirstFileA
FindNextUrlCacheContainerA
SetUrlCacheHeaderData
InternetSecurityProtocolToStringA
FtpGetFileSize
HttpSendRequestW
InternetInitializeAutoProxyDll
GopherCreateLocatorA
InternetQueryOptionA
GopherGetLocatorTypeW
InternetConfirmZoneCrossingW
RunOnceUrlCache
GopherCreateLocatorW

advapi32

LookupPrivilegeNameA
ReportEventW
RegCreateKeyExW
CryptDeriveKey
RegQueryValueA
LookupAccountNameA
CryptSetProviderA
StartServiceW
RegEnumKeyExA
RegCreateKeyW
RegSetValueExW
LookupPrivilegeDisplayNameA
CryptAcquireContextA
CryptGetDefaultProviderA
CryptAcquireContextW
LookupSecurityDescriptorPartsA
CryptDuplicateHash
RegFlushKey
RegQueryValueW
CryptSetProviderExA

shell32

InternalExtractIconListA
DragQueryFileAorW
DragQueryFileA
ExtractAssociatedIconA
SHUpdateRecycleBinIcon
SHBrowseForFolder
ShellExecuteEx
ExtractIconA
SHFileOperation

comdlg32

ChooseColorA
GetOpenFileNameW
GetSaveFileNameA
FindTextW
LoadAlterBitmap
GetSaveFileNameW
PrintDlgW
PageSetupDlgA
ChooseFontW
ReplaceTextA
ChooseFontA
ChooseColorW
PrintDlgA
PageSetupDlgW
ReplaceTextW
GetFileTitleA
FindTextA

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
LoadLibraryA
VirtualQueryEx
HeapAlloc
RtlUnwind
QueryPerformanceCounter
GetConsoleCP
GetModuleFileNameA
GetCurrentThreadId
GetProcAddress
HeapReAlloc
ExitProcess
VirtualAlloc
VirtualProtectEx
TerminateProcess
GetCompressedFileSizeA
GetCurrentProcessId
GetCurrentProcess
InterlockedExchange
VirtualQuery
GlobalUnfix
HeapFree
GetTickCount

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b842a001a6510c5f8525011eaf2b0ed

Headers

File Characteristics

Imports

wininet

advapi32

shell32

comdlg32

kernel32

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 267KB - Virtual size: 267KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 267KB - Virtual size: 267KB

.rsrc
Size: 4KB - Virtual size: 4KB