4f6cfa40010eb4c134ee54dbd2a1f6eb

Sharing

Copy URL Twitter E-mail

General

Target

4f6cfa40010eb4c134ee54dbd2a1f6eb
Size

284KB
MD5

4f6cfa40010eb4c134ee54dbd2a1f6eb
SHA1

859b1892d39065675b5c37bd5b6ee80b8831a8f8
SHA256

1fcc8091add030351d06807bc0d42a4dbff50c79b941bf6ad7710ebcd32ebe98
SHA512

0d1d78aba5dfa29993d68efa6aa585cc110802ec3ebd84aec4466a56a69187db0849a487eb9a833f136fac19d0edc188c31927ffe2d7900d74805688eb7a166b
SSDEEP

6144:bk4+Xff+dsehVWTb3LS3/EaTjaq7zllIPe9+7s:bQffEseQ3LSMwOqVlIPuW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f6cfa40010eb4c134ee54dbd2a1f6eb

Files

4f6cfa40010eb4c134ee54dbd2a1f6eb
.exe windows:4 windows x86 arch:x86

3499c354e0fdb3a68c9e45743624ca22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindowVisible
CopyAcceleratorTableW
LoadStringA
FindWindowExW
UnloadKeyboardLayout
ScrollWindowEx
GetKeyboardLayout
SendMessageA
ChangeDisplaySettingsExA
WindowFromDC
FlashWindow

wininet

FindNextUrlCacheEntryW
InternetSetDialStateW
FtpCreateDirectoryW
InternetCrackUrlW
FindCloseUrlCache

shell32

SHGetPathFromIDList
SHGetSpecialFolderLocation
ShellHookProc
SHFormatDrive

comdlg32

PageSetupDlgA

advapi32

CryptEncrypt
CryptDuplicateKey
ReportEventA
RegCreateKeyExW
RegQueryValueW
RegDeleteValueA
LookupPrivilegeValueW
CreateServiceW
CryptReleaseContext
InitiateSystemShutdownW

kernel32

TlsSetValue
GetTimeZoneInformation
VirtualFree
DeleteCriticalSection
VirtualAlloc
VirtualProtect
OpenFileMappingA
VirtualFreeEx
TlsAlloc
InterlockedExchange
HeapReAlloc
GetVersionExA
GetStringTypeW
GetCommandLineA
GetLastError
TlsFree
RemoveDirectoryA
EnumSystemLocalesA
SetLastError
GetTimeFormatA
HeapSize
HeapCreate
SetHandleCount
GetFullPathNameW
WideCharToMultiByte
FreeEnvironmentStringsW
EnumResourceLanguagesA
WriteConsoleA
GetCurrentThread
RtlUnwind
GetTickCount
WaitForDebugEvent
GetAtomNameW
GetSystemInfo
TlsGetValue
InitializeCriticalSection
LCMapStringA
SetEnvironmentVariableA
GetStartupInfoA
GetFileType
CompareStringA
MultiByteToWideChar
IsValidLocale
WriteFile
ExitProcess
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualQuery
GetTempPathA
IsValidCodePage
LeaveCriticalSection
TerminateProcess
GetOEMCP
HeapDestroy
LCMapStringW
GetCurrentProcessId
GetACP
CompareStringW
EnterCriticalSection
GetStringTypeA
LoadResource
GetCurrentThreadId
DeleteFileW
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
IsBadWritePtr
GetUserDefaultLCID
GetCurrentProcess
GetDateFormatA
GetLocaleInfoW
GetLocaleInfoA
QueryPerformanceCounter
HeapAlloc
FreeEnvironmentStringsA
HeapFree
GetCPInfo
GetVersion
SetThreadContext
LoadLibraryA
GetStdHandle
ConvertDefaultLocale
UnhandledExceptionFilter
GetSystemTimeAsFileTime

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3499c354e0fdb3a68c9e45743624ca22

Headers

File Characteristics

Imports

user32

wininet

shell32

comdlg32

advapi32

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 8KB - Virtual size: 28KB

.data Size: 170KB - Virtual size: 169KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 8KB - Virtual size: 28KB

.data
Size: 170KB - Virtual size: 169KB

.rsrc
Size: 2KB - Virtual size: 2KB