7ffcf1bff5c887cef1a79a64cfd4a872

Sharing

Copy URL Twitter E-mail

General

Target

7ffcf1bff5c887cef1a79a64cfd4a872
Size

846KB
MD5

7ffcf1bff5c887cef1a79a64cfd4a872
SHA1

73c8d3c7214e8760bed093490e438f7d71ced722
SHA256

17cf66a3a90c2c9089e760844990fb1bcbe17d8d69a978d4a9cdf04875921621
SHA512

4932406978dbf166604bb1bdef4aa599f34a2919459bfdeac9c76407621d4360c1bc45398615c76b872877c61522f761e10e71651b5fc4f0d0d12abd1a836c0f
SSDEEP

24576:K+50pLJ0Yj1RKxxW/nyR+zQp61FMgMvi:o0Yj1RWsz1dMvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ffcf1bff5c887cef1a79a64cfd4a872

Files

7ffcf1bff5c887cef1a79a64cfd4a872
.exe windows:5 windows x86 arch:x86

8f669aecfca64101d7efedf85127d3c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCreateFromUrlW
PathCompactPathW
SHOpenRegStreamA
StrStrNIW
SHRegEnumUSValueW
PathIsContentTypeW
UrlGetPartA
StrFormatByteSize64A
UrlCompareW
StrStrNW
UrlIsA
PathGetCharTypeA
ColorHLSToRGB
GetMenuPosFromID
StrCmpNIA
UrlIsW
StrCmpIW
SHAutoComplete
PathStripPathW
PathFileExistsA
UrlEscapeA
SHCopyKeyW

kernel32

DnsHostnameToComputerNameW
WaitForMultipleObjectsEx
CreateNamedPipeW
LoadLibraryA
CopyFileExW
ProcessIdToSessionId
CreateWaitableTimerA
SetVolumeLabelW
TerminateJobObject
WriteProfileStringW
EnumLanguageGroupLocalesW
GetLongPathNameW
FindFirstVolumeMountPointA
DeleteTimerQueueTimer
GetFileAttributesA
VerifyVersionInfoA
VirtualAlloc
_lclose
MapViewOfFile
HeapCreate
GetConsoleCommandHistoryLengthW
InitializeCriticalSection
QueueUserAPC
LoadResource
lstrcmpA
GetLargestConsoleWindowSize
GetModuleHandleW

sqlunirl

newMultiByteFromWideChar
_RegDeleteValue_@8
_InsertMenuItem_@16
_SHGetPathFromIDList_@8
_CharLowerBuff_@8
_SetEnvironmentVariable_@8
_DrawState_@40
_CopyFileEx_@24
_CompareString_@24
_LookupPrivilegeDisplayName_@20
_GetUserObjectInformation_@20
_ChangeDisplaySettings_@8
_ObjectOpenAuditAlarm_@48
_IsCharAlphaNumeric_@4
_SetComputerName_@4
_SendMessageCallback_@24
_BeginUpdateResource_@8
_LoadMenu@8

wintrust

SoftpubLoadDefUsageCallData
CryptCATPutCatAttrInfo
WTHelperOpenKnownStores
CryptSIPVerifyIndirectData
WTHelperCheckCertUsage
CryptCATAdminReleaseContext
WVTAsn1SpcIndirectDataContentDecode
CryptSIPGetSignedDataMsg
WintrustGetRegPolicyFlags
CryptCATAdminCalcHashFromFileHandle
mscat32DllUnregisterServer
MsCatFreeHashTag
CryptCATCDFClose
WVTAsn1SpcSpOpusInfoDecode
TrustIsCertificateSelfSigned
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcLinkDecode
WVTAsn1SpcSigInfoEncode
CryptSIPCreateIndirectData
CryptSIPGetInfo
WTHelperGetFileName
WintrustCertificateTrust

mshtml

ShowModelessHTMLDialog
RunHTMLApplication
ShowHTMLDialog
DllEnumClassObjects
PrintHTML
ShowModalDialog
CreateHTMLPropertyPage
MatchExactGetIDsOfNames
ShowHTMLDialogEx

mfc42u

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B

Sections

.text
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f669aecfca64101d7efedf85127d3c8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

sqlunirl

wintrust

mshtml

mfc42u

Sections

.text Size: 731KB - Virtual size: 730KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 731KB - Virtual size: 730KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B