Static task: static1
Behavioral task: behavioral1
  Sample: 4f6661db5b924807f166a264c9be0f7f.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4f6661db5b924807f166a264c9be0f7f.exe
  Resource: win10v2004-20231222-en
General
Target: 4f6661db5b924807f166a264c9be0f7f
Size: 297KB
MD5: 4f6661db5b924807f166a264c9be0f7f
SHA1: 24b8e8a18f3ee650b62469edae4dee4532591dd9
SHA256: 2108196e02cad436a1ec5657a056a25249a8ee3edd3e81a2302e643cbc16f8b5
SHA512: dd638a46e1a65af9075807264154296c46d9b05c9f36c9d7d5813e7e1ed052f8dc59232606a2775684ce0f163990c28cf3f59994444a85ad54be8ec555289e3d
SSDEEP: 6144:ai4w9/LC51r5xdCDmnZMh/lsx0n+yP3CtErdcIo5gcwuPL1DzWy:ae9jCL1JyhAbyPJdc3guky
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
On its own this is a weak indicator: plenty of legitimate software ships unsigned, and a populated certificate table would not by itself show that a signature verifies.
resource: 4f6661db5b924807f166a264c9be0f7f
Files
4f6661db5b924807f166a264c9be0f7f.exe windows:5 windows x86 arch:x86
001878d05b327c615f38fb729eb533c7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??1type_info@@UAE@XZ
memmove
memcpy
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_callnewh
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
srand
time
rand
??0exception@@QAE@XZ
memset
strncmp
_strlwr
_gcvt
_errno
calloc
_purecall
_resetstkoflw
_vsnwprintf
free
malloc
_msize
_wtoi
_fpclass
_HUGE
wcstod
wcschr
_wcstoi64
_ultoa
wcsncpy
iswalpha
iswprint
iswalnum
iswascii
iswdigit
iswxdigit
iswlower
wcstol
iswcntrl
_i64toa
_ui64toa
wcsncmp
_snwprintf
_wcstoui64
iswspace
_wcsicmp
_CIexp
kernel32
DelayLoadFailureHook
CreateFileW
LockResource
VirtualProtect
LocalFree
GetVersionExW
ReleaseMutex
QueueUserWorkItem
GetSystemDirectoryW
SetLastError
LocalAlloc
GetSystemTime
SystemTimeToFileTime
SetEndOfFile
CreateDirectoryW
SetFilePointer
FreeLibrary
FindResourceW
lstrcmpiW
GetThreadLocale
InterlockedIncrement
SetThreadLocale
InitializeCriticalSection
InterlockedDecrement
RaiseException
DeleteCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
LeaveCriticalSection
lstrlenW
SizeofResource
GetModuleHandleW
GetFileSize
GetModuleFileNameW
MultiByteToWideChar
LoadLibraryExW
GetLastError
CloseHandle
CreateEventW
SetEvent
LCMapStringW
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
GetVersionExA
InterlockedExchange
WideCharToMultiByte
CompareStringW
lstrlenA
Sleep
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateMutexW
FindResourceExW
InterlockedExchangeAdd
GetSystemInfo
FileTimeToSystemTime
GetLocalTime
LoadResource
ole32
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
oleaut32
SysStringByteLen
VariantChangeType
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysStringLen
SysFreeString
VariantCopy
user32
CharNextW
UnregisterClassA
advapi32
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
GetTraceEnableLevel
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
TraceMessage
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
AddAce
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
GetTraceLoggerHandle
GetAclInformation
GetLengthSid
ConvertStringSidToSidW
GetAce
SetSecurityDescriptorSacl
OpenProcessToken
GetSecurityDescriptorLength
MakeAbsoluteSD
MakeSelfRelativeSD
GetTokenInformation
SetSecurityDescriptorDacl
IsValidSid
CopySid
GetSecurityInfo
ConvertSidToStringSidW
shlwapi
UrlCanonicalizeW
UrlGetPartW
UrlApplySchemeW
PathAppendW
ord15
PathRemoveFileSpecW
UrlCombineW
rpcrt4
MesDecodeBufferHandleCreate
MesHandleFree
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
crypt32
CertVerifyCertificateChainPolicy
CryptHashPublicKeyInfo
CryptUnprotectData
CryptProtectData
shell32
SHGetFolderPathW
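A practical use of an import list like the one above is an import hash (imphash), the Mandiant convention that pefile implements: every imported function, in import-table order, becomes "<dll>.<func>" with the module name lowercased and stripped of its .dll/.ocx/.sys extension and the function name lowercased (or "ord<N>" for imports by ordinal, which is how the shlwapi "ord15" entry above is written); the comma-joined list is MD5-hashed. The example below is added here and is not the sandbox's code. REPORT_IMPORTS_EXCERPT is constructed from a handful of the names listed on this page in the order shown, so the value it produces is an illustration of the method, not this sample's imphash, which would need the complete table in on-disk order.

```python
import hashlib
from typing import Iterable, Tuple, Union


def _dll_key(dll: str) -> str:
    # pefile lowercases the module name and drops only a .dll/.ocx/.sys extension.
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def _func_key(func: Union[str, int]) -> str:
    # Imports by ordinal contribute "ord<N>"; named imports are lowercased as-is.
    if isinstance(func, int):
        return f"ord{func}"
    return func.lower()


def imphash_string(imports: Iterable[Tuple[str, Iterable[Union[str, int]]]]) -> str:
    """The comma-joined "<dll>.<func>" list that gets hashed, in import-table order."""
    return ",".join(f"{_dll_key(dll)}.{_func_key(f)}" for dll, funcs in imports for f in funcs)


def imphash(imports: Iterable[Tuple[str, Iterable[Union[str, int]]]]) -> str:
    """MD5 over the normalized import string; order of DLLs and functions matters."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed excerpt of the import table in this report (a few names per DLL, in the
# order listed). The real imphash needs the complete table in on-disk order.
REPORT_IMPORTS_EXCERPT = [
    ("msvcrt", ["??1type_info@@UAE@XZ", "memmove", "memcpy", "_onexit"]),
    ("kernel32", ["DelayLoadFailureHook", "CreateFileW", "LockResource", "VirtualProtect"]),
    ("advapi32", ["RegOpenKeyExW", "RegSetValueExW", "OpenProcessToken", "GetTokenInformation"]),
    ("shlwapi", ["UrlCanonicalizeW", "ord15", "PathRemoveFileSpecW"]),
    ("wintrust", ["WinVerifyTrust"]),
    ("crypt32", ["CryptUnprotectData", "CryptProtectData"]),
]

if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS_EXCERPT))
    print(imphash(REPORT_IMPORTS_EXCERPT))
```

Because the hash covers the ordered list rather than the set of names, two builds of the same source with a reordered import table hash differently, and a packer that rebuilds the import table after unpacking hides the original value entirely; imphash pivots are therefore most useful across samples from the same toolchain, not as a general similarity measure.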
Sections
.text: size 8KB, virtual size 8KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata: size 145KB, virtual size 148KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data: size 1KB, virtual size 4KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.ffff: size 139KB, virtual size 224KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc: size 2KB, virtual size 2KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
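Both the "Unsigned PE" signature and the Headers/Sections listing above come from the same few PE structures, so one standard-library parser covers them. The example below is added here and is not the sandbox's code. It walks DOS header, PE signature, COFF header and optional header, reads data directory 4 (the Attribute Certificate Table, which is the presence check behind an unsigned-PE verdict), decodes the IMAGE_FILE_* and IMAGE_SCN_* bits as they appear in this report, and applies a few analyst heuristics to the section table: writable-and-executable sections, non-standard names, a virtual size well above the raw size, and the initialized-plus-uninitialized combination seen on .ffff. build_pe and REPORT_SECTIONS are constructed so the code runs offline; the section sizes follow the listing above but the RVAs, raw offsets and the 64KB threshold are made up.

```python
import struct
from typing import Dict, List

SCN_FLAGS = {  # IMAGE_SCN_* bits from winnt.h
    "IMAGE_SCN_CNT_CODE": 0x20, "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x40,
    "IMAGE_SCN_CNT_UNINITIALIZED_DATA": 0x80, "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000, "IMAGE_SCN_MEM_WRITE": 0x80000000}
FILE_FLAGS = {  # IMAGE_FILE_* bits from winnt.h
    "IMAGE_FILE_RELOCS_STRIPPED": 0x1, "IMAGE_FILE_EXECUTABLE_IMAGE": 0x2,
    "IMAGE_FILE_LINE_NUMS_STRIPPED": 0x4, "IMAGE_FILE_LOCAL_SYMS_STRIPPED": 0x8,
    "IMAGE_FILE_32BIT_MACHINE": 0x100}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Attribute Certificate Table
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata", ".pdata", ".tls", ".bss"}
GAP_THRESHOLD = 64 * 1024  # analyst heuristic for virtual-vs-raw size, not a PE-format rule


def decode_flags(value: int, table: Dict[str, int]) -> List[str]:
    return [name for name, bit in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:  # PE32+: the 64-bit fields push them to +108 / +112
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    security = (0, 0)  # an image may declare fewer than 5 directories
    if struct.unpack_from("<I", data, opt + nrva_off)[0] > SECURITY_DIR:
        security = struct.unpack_from("<II", data, opt + dd_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):  # IMAGE_SECTION_HEADER is 40 bytes; Characteristics is the last DWORD
        rec = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": rec[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": rec[1], "raw_size": rec[3], "flags": rec[9]})
    return {"machine": machine, "characteristics": chars,
            "security_dir": tuple(security), "sections": sections}


def has_authenticode(pe: dict) -> bool:
    """Presence check only; whether the signature verifies is WinVerifyTrust's job."""
    offset, size = pe["security_dir"]
    return offset != 0 and size != 0


def section_findings(pe: dict) -> List[str]:
    out = []
    for s in pe["sections"]:
        f, n = s["flags"], s["name"]
        if f & SCN_FLAGS["IMAGE_SCN_MEM_WRITE"] and f & SCN_FLAGS["IMAGE_SCN_MEM_EXECUTE"]:
            out.append(f"{n}: writable and executable")
        if n not in STANDARD_NAMES:
            out.append(f"{n}: non-standard section name")
        if s["virtual_size"] - s["raw_size"] > GAP_THRESHOLD:
            out.append(f"{n}: virtual size exceeds raw size by more than 64KB")
        if f & 0x40 and f & 0x80:
            out.append(f"{n}: flagged both initialized and uninitialized data")
    return out


def analyze(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"signed": has_authenticode(pe),
            "file_flags": decode_flags(pe["characteristics"], FILE_FLAGS),
            "sections": {s["name"]: decode_flags(s["flags"], SCN_FLAGS) for s in pe["sections"]},
            "findings": section_findings(pe)}


def build_pe(sections: list, security=(0, 0), characteristics=0x10F) -> bytes:
    # Constructed headers-only PE32 image so the parser can run offline.
    opt = bytearray(224)                          # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, *security)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), characteristics)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, rp, fl in sections)
    dos = bytearray(64)
    dos[:2], dos[0x3C:0x40] = b"MZ", struct.pack("<I", 64)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


KB = 1024
R, X, W, CODE, IDATA, UDATA = 0x40000000, 0x20000000, 0x80000000, 0x20, 0x40, 0x80
# Constructed from the section table in this report; RVAs and raw offsets are made up.
REPORT_SECTIONS = [
    (".text",  8 * KB,   0x1000,  8 * KB,   0x400,   CODE | X | R),
    (".rdata", 148 * KB, 0x3000,  145 * KB, 0x2400,  IDATA | R),
    (".data",  4 * KB,   0x28000, 1 * KB,   0x26800, IDATA | R | W),
    (".ffff",  224 * KB, 0x29000, 139 * KB, 0x26C00, IDATA | UDATA | R),
    (".rsrc",  2 * KB,   0x61000, 2 * KB,   0x49800, IDATA | R)]
```

Run `analyze(build_pe(REPORT_SECTIONS))` to reproduce the report's view: an empty certificate table (unsigned), the five IMAGE_FILE_* flags, the per-section IMAGE_SCN_* lists, and findings that all concern .ffff. The heuristics are deliberately crude; the gap and name checks are triage prompts to look at a section in a disassembler, not verdicts, and the certificate-table check is the one the "Unsigned PE" signature expresses, so a file that passes it still needs chain validation before its signature means anything.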