79e1684242ec3abad7ee3c4caa2d08f1

General

Target

79e1684242ec3abad7ee3c4caa2d08f1
Size

81KB
MD5

79e1684242ec3abad7ee3c4caa2d08f1
SHA1

8dce453f97ee6d343c190b85835bd29ba664090c
SHA256

9bbe436d4f441b5b17d0f1bfa0f7855fff0d1040e100e24d34829a609d1716d6
SHA512

8eb57123590aaea668f3fca8ecf749befbc9376d1cdebb62a7b23815b4d7c2534ac0bf3ce1b3567b16cb90e64826b2cf4d6aeb1aa291a0abbd364e328df8bb18
SSDEEP

1536:wRWmp/YLMu1MVhplGbics4uOeqWJnTiiGUa3Ny/enI52uB:womvuW9gbJWN2RQAS2uB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79e1684242ec3abad7ee3c4caa2d08f1

Files

79e1684242ec3abad7ee3c4caa2d08f1
.dll windows:4 windows x86 arch:x86

2be16894ce51e42849686b3f3bbe56e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
WritePrivateProfileStringA
GetWindowsDirectoryA
IsBadStringPtrW
DeleteFileA
GetTempPathA
CreateFileMappingA
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
GetPrivateProfileStringA
GetModuleHandleA
SetFilePointer
HeapAlloc
GetProcessHeap
DisableThreadLibraryCalls
OutputDebugStringA
OpenProcess
TerminateProcess
GetCurrentProcess
Sleep
GetCurrentThreadId
OpenFileMappingA
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetProcAddress
LoadLibraryA
CreateFileA
FreeLibrary

user32

GetDC
GetWindowRect
wvsprintfA
GetWindow
FindWindowA
GetFocus
AttachThreadInput
GetWindowThreadProcessId
ToAscii
GetClassNameW
wsprintfA
GetKeyboardState

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

msvcrt

fopen
_strupr
_ltoa
_vsnprintf
tolower
_stricmp
malloc
printf
exit
wcsstr
wcscpy
wcsncat
wcslen
time
srand
memset
sprintf
strcpy
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
_strcmpi
mbstowcs
_except_handler3
strlen
memcpy
free
strncpy
strrchr
strstr
rand

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2be16894ce51e42849686b3f3bbe56e1

Headers

File Characteristics

Imports

kernel32

user32

wininet

urlmon

gdi32

msvcrt

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB