72e21d90be243df7de86eaba1060d8cd

Sharing

Copy URL Twitter E-mail

General

Target

72e21d90be243df7de86eaba1060d8cd
Size

470KB
MD5

72e21d90be243df7de86eaba1060d8cd
SHA1

58a74c45e6c90662f6cbc921e209bc0b5d630c24
SHA256

e7495be9876cc8426a675e55d763269df0d9b34f13854d43b59eebd2eef7e08c
SHA512

7e18e1770a4318538031d4168ac9ca87c4970155b571aa41801fc5e99343451a3cf835d87b2589c2e8b3fd3b8852b3c1e511ef7f6d22e3f120923e0979c12044
SSDEEP

12288:L47vjrG1/UlqTtO+2Ye7TDfOIENBjHEV18G3QT:LedIh/2YUmN7i8Ic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72e21d90be243df7de86eaba1060d8cd

Files

72e21d90be243df7de86eaba1060d8cd
.exe windows:4 windows x86 arch:x86

6e960315d2bc8cca6ac5dd78cc53c2f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetInstanceExplorer
SHGetDataFromIDListW
SheChangeDirExW
ExtractIconEx
DoEnvironmentSubstA

advapi32

CryptDecrypt
RevertToSelf
CryptGetDefaultProviderA
RegConnectRegistryA
CryptReleaseContext
LogonUserW
LookupSecurityDescriptorPartsA
AbortSystemShutdownW
GetUserNameW
CryptGenRandom
InitiateSystemShutdownW
CryptSetProviderA
LookupPrivilegeNameW
LookupAccountSidW
RegConnectRegistryW
RegQueryValueExW
LookupAccountNameW
CryptSetProvParam

gdi32

CreateColorSpaceA
PlayMetaFile
DescribePixelFormat
StartDocW
SetMetaFileBitsEx
GetOutlineTextMetricsW
AbortPath
CreatePatternBrush
ExtTextOutW
CreateScalableFontResourceA
EnumICMProfilesA
GetICMProfileW
CreateEllipticRgnIndirect
SetMetaRgn
OffsetRgn
GetEnhMetaFileW

wininet

FindFirstUrlCacheContainerW
InternetSetOptionW
HttpQueryInfoA
FtpFindFirstFileW
InternetQueryDataAvailable
GopherCreateLocatorA
InternetSetCookieA

user32

SetWindowsHookW
DialogBoxIndirectParamA
DdeQueryNextServer
ClipCursor
CopyAcceleratorTableW
RemovePropA
OffsetRect
LoadAcceleratorsW
RegisterClassA
EnumDisplaySettingsW
GetListBoxInfo
CreateIcon
RegisterClassExA
DlgDirListComboBoxW
IntersectRect
CascadeChildWindows
GetShellWindow
CheckDlgButton
ShowOwnedPopups
DrawTextExW
ActivateKeyboardLayout
GetKeyState
CallMsgFilter
BroadcastSystemMessage
IsCharAlphaA
ScreenToClient

kernel32

WriteFile
InterlockedExchange
LCMapStringA
FreeEnvironmentStringsA
TerminateProcess
VirtualFree
WideCharToMultiByte
CompareStringW
GetFileType
GetModuleFileNameW
WriteConsoleW
EnumSystemLocalesA
VirtualQuery
WriteConsoleA
GetSystemTimeAsFileTime
HeapDestroy
GetConsoleOutputCP
GetStartupInfoA
InitializeCriticalSection
DeleteCriticalSection
GetConsoleMode
GetOEMCP
GetStringTypeA
GetCommandLineW
OpenMutexA
LoadLibraryA
GetUserDefaultLCID
CompareStringA
HeapFree
GetLastError
GetStdHandle
RaiseException
GetEnvironmentStrings
QueryPerformanceCounter
ExitProcess
GetCurrentThreadId
GetCurrentThread
SetLastError
IsValidLocale
TlsAlloc
FlushFileBuffers
TlsSetValue
GetEnvironmentStringsW
GetCPInfo
LeaveCriticalSection
lstrlenA
GetLocaleInfoA
LoadLibraryW
InterlockedIncrement
GetLocaleInfoW
RtlUnwind
GetProcAddress
FreeEnvironmentStringsW
GetStringTypeW
EnterCriticalSection
GetTickCount
ReadFile
TlsGetValue
GetACP
UnhandledExceptionFilter
HeapCreate
SetEnvironmentVariableA
HeapAlloc
SetFilePointer
IsValidCodePage
SetUnhandledExceptionFilter
LockFileEx
DebugBreak
GetModuleFileNameA
GetCommandLineA
CreateMutexA
GetCurrentProcess
CreateFileA
OutputDebugStringW
GetTimeZoneInformation
GetProcessHeap
GetConsoleCP
GetCurrentProcessId
SetStdHandle
GetStartupInfoW
HeapValidate
SetHandleCount
IsDebuggerPresent
GetTimeFormatA
TlsFree
VirtualAlloc
MultiByteToWideChar
GetDateFormatA
GetVersionExA
HeapReAlloc
InterlockedDecrement
LCMapStringW
IsBadReadPtr
CloseHandle
OutputDebugStringA
FreeLibrary
GetModuleHandleA
SetConsoleCtrlHandler

comctl32

InitCommonControlsEx

Sections

.text
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e960315d2bc8cca6ac5dd78cc53c2f2

Headers

File Characteristics

Imports

shell32

advapi32

gdi32

wininet

user32

kernel32

comctl32

Sections

.text Size: 268KB - Virtual size: 268KB

.rdata Size: 47KB - Virtual size: 54KB

.data Size: 148KB - Virtual size: 148KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 268KB - Virtual size: 268KB

.rdata
Size: 47KB - Virtual size: 54KB

.data
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 5KB - Virtual size: 4KB