63fed021785b7c2f93f74cc40ebf819d

Sharing

Copy URL

Twitter E-mail

General

Target

63fed021785b7c2f93f74cc40ebf819d
Size

450KB
MD5

63fed021785b7c2f93f74cc40ebf819d
SHA1

fbb31e9233c6d3cebdf71aa3d0fb25025c84e03d
SHA256

087d640c3adcb6785a01629cf3abf9625f311340fc250d542cbb11877eaf4f3a
SHA512

5b58f093cff6c392b48170bead7c6345d9761c39867e71ccb7f90882bb47413126833d79de39e0f083353c5a20fd105610349dd230a9371aa70b2114147f512f
SSDEEP

12288:UF5aHmPPgjavi5zdgDqR1nSe53fTg0qMpC:q5a0Pgjavi5zdgb4Bql

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63fed021785b7c2f93f74cc40ebf819d

Files

63fed021785b7c2f93f74cc40ebf819d
.exe windows:4 windows x86 arch:x86

5488ed2e00aa7f8f13016f726e64b88e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameW
ReadConsoleInputA
GetTickCount
LCMapStringW
GetACP
GetLastError
GetOEMCP
GetSystemTimeAsFileTime
GetCPInfo
SetHandleCount
lstrlenW
HeapSize
GetVersionExA
HeapAlloc
GetUserDefaultLCID
ExitProcess
SetVolumeLabelW
VirtualAlloc
GetProcAddress
TlsGetValue
HeapFree
IsValidCodePage
TlsAlloc
GetTimeFormatA
ReadConsoleOutputCharacterW
GetModuleHandleW
GetCurrentProcess
LeaveCriticalSection
WriteFile
UnhandledExceptionFilter
AddAtomA
SetPriorityClass
GetDateFormatA
FreeEnvironmentStringsA
SetEnvironmentVariableA
DeleteCriticalSection
LoadLibraryA
FindNextChangeNotification
FindNextFileA
QueryPerformanceCounter
GetCommandLineW
IsValidLocale
GetEnvironmentStrings
HeapCreate
VirtualFree
FreeEnvironmentStringsW
GetStartupInfoW
EnterCriticalSection
CompareStringW
GetLocaleInfoA
GetStringTypeW
WriteConsoleOutputCharacterA
CreateNamedPipeA
RtlUnwind
InitializeCriticalSection
GetCurrentThreadId
HeapDestroy
GetCommandLineA
IsBadWritePtr
LCMapStringA
FindResourceA
GetModuleHandleA
VirtualQuery
HeapReAlloc
CompareStringA
MultiByteToWideChar
EnumSystemLocalesA
GetCurrentProcessId
GetVolumeInformationW
GetEnvironmentStringsW
SetLastError
GetFileType
GetFileAttributesExW
VirtualProtect
GetLocaleInfoW
TerminateProcess
CompareFileTime
GetStringTypeA
GetModuleFileNameA
TlsFree
GetCurrentThread
InterlockedExchange
GetStdHandle
TlsSetValue
GetSystemInfo
GetTimeZoneInformation
GetStartupInfoA
GlobalSize

shell32

SHGetInstanceExplorer
SHGetDiskFreeSpaceA

gdi32

GetBitmapDimensionEx
Pie
SetMetaFileBitsEx
GetCharABCWidthsW
GetKerningPairsW
CreateScalableFontResourceA
GetICMProfileA
CreatePenIndirect
DescribePixelFormat
GetPixelFormat
Arc
CreateCompatibleBitmap
SaveDC
SetLayout
GetMetaFileBitsEx
GetAspectRatioFilterEx
FillPath
SetColorAdjustment
SetPolyFillMode
StrokePath
StartPage
GetClipBox
GetLogColorSpaceA
ExtCreateRegion
GetFontData

comdlg32

GetOpenFileNameW
ReplaceTextW

wininet

FindNextUrlCacheEntryExW
FindFirstUrlCacheGroup
InternetAlgIdToStringW
InternetCrackUrlA
GetUrlCacheEntryInfoA
InternetOpenUrlA

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5488ed2e00aa7f8f13016f726e64b88e

Headers

File Characteristics

Imports

kernel32

shell32

gdi32

comdlg32

wininet

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 8KB - Virtual size: 30KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 8KB - Virtual size: 30KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 9KB - Virtual size: 9KB