4ffed383a95ce3729242b3dcf523dfb6

Sharing

Copy URL

Twitter E-mail

General

Target

4ffed383a95ce3729242b3dcf523dfb6
Size

374KB
MD5

4ffed383a95ce3729242b3dcf523dfb6
SHA1

0803e20b84f6e0f9081bf40b5d827a70684b7997
SHA256

6c89b7f83f42b234aec1fb57afed5057d35c5fda4e6f31ee7d393411d940668a
SHA512

d194c41c99fb89d7662fc2a40b1f4cfaecdabf3035f9d396798f91f7da0c2ef6e4ab4a77114678d25536da2f7cd9ba86c49dc0f6f28668ec48686c104d4250d9
SSDEEP

6144:OifOkw5PJ0x4bmYhKi68zH9Sj8V5Jm7gODoJE41x7r6w5P2lN0FI5PMwosgnZ2:OivKPJ0OCEKi6oCV7gODQEMF20F65VoD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ffed383a95ce3729242b3dcf523dfb6

Files

4ffed383a95ce3729242b3dcf523dfb6
.exe windows:4 windows x86 arch:x86

aa5de86bf46f785e7c99ab24c4d6f1a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCrackUrlW
FindFirstUrlCacheContainerW
FindNextUrlCacheEntryA
GopherOpenFileW
FindFirstUrlCacheGroup
FtpGetFileSize
InternetAttemptConnect
HttpOpenRequestA

user32

GetClassInfoA
MapWindowPoints
GetMenuStringA
RegisterClassExA
RegisterDeviceNotificationA
RegisterClassA
GetTitleBarInfo
ToAsciiEx
ShowWindowAsync
WINNLSGetEnableStatus
DrawTextExW
GetKeyboardLayoutNameW
UnionRect
GetScrollRange

shell32

RealShellExecuteExA

kernel32

GetLastError
GetLocaleInfoA
GetCommandLineW
FlushFileBuffers
DeleteCriticalSection
GetSystemTimeAsFileTime
CreateFileA
HeapDestroy
TerminateProcess
ReadFile
Sleep
GetCurrentThread
OpenMutexA
GetTimeZoneInformation
SetFileAttributesA
GetProcessHeap
IsValidLocale
FreeEnvironmentStringsA
VirtualQuery
TlsFree
CompareStringW
CreateMutexA
HeapFree
LeaveCriticalSection
VirtualFree
LoadLibraryA
GetStringTypeW
TlsAlloc
GetConsoleOutputCP
GetStartupInfoW
HeapCreate
IsValidCodePage
GetCurrentThreadId
SetConsoleCtrlHandler
GetStdHandle
SetLastError
SetEnvironmentVariableA
CloseHandle
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleFileNameA
RtlUnwind
GetConsoleMode
SetHandleCount
EnumSystemLocalesA
GetCurrentProcessId
GetTickCount
HeapAlloc
GetEnvironmentStringsW
SetFilePointer
UnhandledExceptionFilter
LCMapStringW
TlsSetValue
InterlockedExchange
GetUserDefaultLCID
ExitProcess
HeapSize
WriteConsoleA
EnterCriticalSection
TlsGetValue
GetProcAddress
GetEnvironmentStrings
MultiByteToWideChar
GetACP
GetOEMCP
QueryPerformanceCounter
LCMapStringA
WriteFile
SetUnhandledExceptionFilter
GetModuleHandleA
GetConsoleCP
GetLocaleInfoW
InitializeCriticalSection
GetDateFormatA
GetStringTypeA
GetCPInfo
WriteConsoleW
WideCharToMultiByte
IsDebuggerPresent
CompareStringA
GetCommandLineA
FreeLibrary
InterlockedIncrement
GetTimeFormatA
GetVersionExA
SetStdHandle
GetFileType
GetStartupInfoA
GetCurrentProcess
HeapReAlloc
InterlockedDecrement
VirtualAlloc

comdlg32

ReplaceTextA
ChooseColorW

comctl32

InitCommonControlsEx

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa5de86bf46f785e7c99ab24c4d6f1a1

Headers

File Characteristics

Imports

wininet

user32

shell32

kernel32

comdlg32

comctl32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 9KB - Virtual size: 28KB

.data Size: 176KB - Virtual size: 176KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 9KB - Virtual size: 28KB

.data
Size: 176KB - Virtual size: 176KB

.rsrc
Size: 7KB - Virtual size: 6KB