722bfafbbc2af4e0c04ca82ddf52c1a2

Sharing

Copy URL

Twitter E-mail

General

Target

722bfafbbc2af4e0c04ca82ddf52c1a2
Size

44KB
MD5

722bfafbbc2af4e0c04ca82ddf52c1a2
SHA1

f82e6eecce9ab1ce0bf41d832651716a879c49e9
SHA256

5076140cea873c273f0f6e8bac140ceb0225d6d06663a06f141e92e03a9fca0a
SHA512

54470bfac2a09bb05174878c71ea2e9c250d112f24d7987f0cdbcc273b62e57bd5f98dbcb4a7cb555a745730ce5654d1fda990d82dc225b62cfb82bcf9875873
SSDEEP

768:L3r6+GWOZsKmavdiLBktnqlzi7L2ae8l:L3rSXJgytnqllabl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
722bfafbbc2af4e0c04ca82ddf52c1a2

Files

722bfafbbc2af4e0c04ca82ddf52c1a2
.exe windows:4 windows x86 arch:x86

dfd16d0b91fa91f8b6b0f295480017c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
Sleep
FindFirstFileA
GetCurrentDirectoryA
lstrlenA
GetSystemDirectoryA
lstrcpyA
lstrcatA
ReadProcessMemory
GetThreadContext
CreateProcessA
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
CloseHandle
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
InitializeCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetCurrentProcess
DeleteFileA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
lstrcmpiA
GetModuleFileNameA
CopyFileA
Module32Next
GetLastError
CreateMutexA
CreateThread
SetStdHandle
SetFilePointer
GetVersionExA
GetLocaleInfoA
GetACP
WinExec
FlushFileBuffers
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTickCount
ExitProcess
HeapFree
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetProcAddress
HeapSize

advapi32

OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

urlmon

URLDownloadToFileA

ntdll

memset
ZwUnmapViewOfSection
strncpy
strstr
RtlUnwind
memmove

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfd16d0b91fa91f8b6b0f295480017c4

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

urlmon

ntdll

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 152B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 152B