4f7f5927b29ed2257993ba12fcdb66d9

Sharing

Copy URL Twitter E-mail

General

Target

4f7f5927b29ed2257993ba12fcdb66d9
Size

455KB
MD5

4f7f5927b29ed2257993ba12fcdb66d9
SHA1

3e31a3d42936cf38267090891d9c444dac81a09f
SHA256

b8dc04e9624091c05b44a7438cbbce084cb8d65ab66b52623239a9ca0d073f5e
SHA512

acecc57d576c0a1461cdaa3026609b767117ad1a376593e8aa78fc50ca5cfdaf8909dc4754e861f8257f42466b5303aeb51632246fd238d967b41b96420289ae
SSDEEP

6144:Sugr9vbbPZoiJ6+yXvgrRshOYw++ER7fSGWLBfmlD3g34AXxR2X7oxHR+/OGL4c0:XgpnPZJNy/gravhMGo9BR2cRR+QuS2K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f7f5927b29ed2257993ba12fcdb66d9

Files

4f7f5927b29ed2257993ba12fcdb66d9
.exe windows:4 windows x86 arch:x86

66f5af10a3e203b22bab6bc2d4d6a570

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassA
ReplyMessage
NotifyWinEvent
SystemParametersInfoW
InsertMenuItemA
IsCharAlphaNumericA
CharToOemBuffW
AppendMenuW
DestroyCursor
RegisterClassExA

gdi32

DeviceCapabilitiesExW
SetSystemPaletteUse
GetEnhMetaFilePaletteEntries

kernel32

GetLastError
GetStartupInfoW
GetModuleFileNameW
GetStringTypeW
CreateMutexA
EnterCriticalSection
TlsSetValue
GetStringTypeA
InitializeCriticalSection
TerminateProcess
GetSystemTimeAsFileTime
FlushFileBuffers
WritePrivateProfileStructA
TlsAlloc
GetDiskFreeSpaceExA
HeapFree
GetModuleHandleA
GetModuleFileNameA
ResetEvent
GlobalFindAtomW
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
QueryPerformanceCounter
LoadLibraryA
GetSystemTime
GetVersionExW
HeapReAlloc
GetCommandLineW
SetFilePointer
GetStartupInfoA
IsDebuggerPresent
SetEnvironmentVariableA
ReadFile
CreateFileMappingW
FreeEnvironmentStringsA
CloseHandle
lstrlenA
GetLocalTime
HeapDestroy
GetFileType
CompareStringW
TlsFree
VirtualQuery
LCMapStringW
LoadResource
CreateMutexW
InterlockedExchange
AddAtomA
GetCommandLineA
GetCurrentProcess
LCMapStringA
ExpandEnvironmentStringsW
GetVersion
GetTickCount
MultiByteToWideChar
UnhandledExceptionFilter
VirtualAlloc
WideCharToMultiByte
InterlockedIncrement
SetStdHandle
GetCurrentProcessId
RtlUnwind
GetProcessHeaps
GetProcAddress
ConvertDefaultLocale
SetLastError
UnlockFile
HeapCreate
InterlockedDecrement
GetCurrentThread
GetEnvironmentStrings
TlsGetValue
GetCPInfo
SetHandleCount
OpenMutexA
GetExitCodeThread
GetCurrentThreadId
IsBadWritePtr
HeapAlloc
GetStdHandle
ExitProcess
WriteFile
FreeEnvironmentStringsW
CompareStringA
GetEnvironmentStringsW
GetTimeFormatW
GetTimeZoneInformation

comctl32

InitCommonControlsEx

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66f5af10a3e203b22bab6bc2d4d6a570

Headers

File Characteristics

Imports

user32

gdi32

kernel32

comctl32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 38KB - Virtual size: 45KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 38KB - Virtual size: 45KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 21KB - Virtual size: 20KB