7872cfc984a198a53781d2f95a1974f7

Sharing

Copy URL

Twitter E-mail

General

Target

7872cfc984a198a53781d2f95a1974f7
Size

212KB
MD5

7872cfc984a198a53781d2f95a1974f7
SHA1

09f97f045f0358f5226d013d23e23d27d655555a
SHA256

8ccbf36c7f5a08fc3b63d5cba243c35054f3457ab82dfe3d78ccc4715d4ca4d0
SHA512

c2acb4c65d742cbd7bec256509f7fb84dded68f9698817ad84f0b8f31d0fa94206d0dcb3f30690747e7b4c3901cdcc5ae8e0659ef90574149cf9944ca66873f8
SSDEEP

6144:ctAJUs3fx5+x+2lK1MN6Rq2Tk8BNOTjqL3cyGKYa:ctmG+qy8l2H0X+Oa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7872cfc984a198a53781d2f95a1974f7

Files

7872cfc984a198a53781d2f95a1974f7
.exe windows:4 windows x86 arch:x86

bb72cde37d6adfb4d030168ce56486ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetStdHandle
GetDateFormatA
HeapSize
QueryPerformanceCounter
TerminateProcess
GetTimeZoneInformation
GetCommandLineA
IsValidLocale
GetModuleHandleA
HeapAlloc
LCMapStringA
SetEnvironmentVariableA
GetStringTypeW
LCMapStringW
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
CompareStringA
SetLastError
GetCurrentThreadId
GetStartupInfoA
HeapDestroy
CreateNamedPipeW
InterlockedDecrement
GetFileType
CompareStringW
UnhandledExceptionFilter
MultiByteToWideChar
InterlockedExchange
TlsAlloc
GetTempFileNameW
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStringsW
TlsSetValue
VirtualAlloc
GetTickCount
GetTimeFormatA
GetCurrentProcess
RtlUnwind
IsDebuggerPresent
HeapCreate
DeleteCriticalSection
GetProcAddress
GetCPInfo
GetLocaleInfoA
GetLocaleInfoW
TlsFree
FreeEnvironmentStringsW
SetCurrentDirectoryW
GlobalUnlock
EnterCriticalSection
GetUserDefaultLCID
FileTimeToSystemTime
IsValidCodePage
GetSystemTimeAsFileTime
EnumSystemLocalesA
InterlockedCompareExchange
SetHandleCount
GetACP
GetStringTypeA
LeaveCriticalSection
VirtualQuery
GetLastError
FindNextChangeNotification
VirtualFree
GetModuleHandleW
GetCurrentThread
MoveFileExW
SetEndOfFile
InterlockedIncrement
GetEnvironmentStrings
OutputDebugStringW
SetConsoleCursorInfo
GetProfileIntW
InitializeCriticalSectionAndSpinCount
FreeLibrary
HeapFree
HeapReAlloc
GetModuleFileNameA
MoveFileExA
TlsGetValue
lstrcmpW
WriteFile
GetCurrentProcessId
ExitProcess
LocalUnlock
LoadLibraryA
Sleep

advapi32

RegRestoreKeyW
CryptEncrypt
LookupAccountNameA
LookupAccountSidA
RegQueryInfoKeyA
CryptSignHashA
RegNotifyChangeKeyValue
CreateServiceW
RegQueryValueW
RegQueryInfoKeyW
RegDeleteValueA
RegSetValueA

wininet

InternetTimeFromSystemTime
UpdateUrlCacheContentPath
UnlockUrlCacheEntryFileA

comdlg32

ReplaceTextA

gdi32

GetTextColor
ArcTo
SetDIBits
GetObjectA
SetFontEnumeration
GetArcDirection
CancelDC
CreateRoundRectRgn
SetRectRgn
GetROP2

user32

DdeQueryStringW
SetScrollRange
GetMenuInfo
SetRect
CreateIconIndirect
GetWindowWord
DispatchMessageW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb72cde37d6adfb4d030168ce56486ef

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

comdlg32

gdi32

user32

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 9KB - Virtual size: 37KB

.data Size: 133KB - Virtual size: 132KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 9KB - Virtual size: 37KB

.data
Size: 133KB - Virtual size: 132KB

.rsrc
Size: 7KB - Virtual size: 6KB