87de5a61cd58249e5d4c3e71af6d0328

Sharing

Copy URL

Twitter E-mail

General

Target

87de5a61cd58249e5d4c3e71af6d0328
Size

303KB
MD5

87de5a61cd58249e5d4c3e71af6d0328
SHA1

6585d4e2bb8909c1d8c5ae621b87c12091fd9df1
SHA256

0ca006a979e0bdb292c3368a368ab2165046faefe21d1c827a7c8dc4dc26bd95
SHA512

71eabf2aaff1b6cf739a954c7801aee0e8e45f7bc71b9384b019a61eed83319f61ac1a1133413750831f25524d8b83a849ea4d3fe9ae32a7f73389eebaca3335
SSDEEP

6144:4anX6ljsB3SIbf7g4KQIrhcjRJ68J/dSyebc1m+kt+a4+N:fnKFsBCIblycjT7LSyebgdkt+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87de5a61cd58249e5d4c3e71af6d0328

Files

87de5a61cd58249e5d4c3e71af6d0328
.exe windows:4 windows x86 arch:x86

f2500a3a2664a50723eb469e59a855c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCanonicalizeUrlA
InternetAttemptConnect
InternetQueryFortezzaStatus
InternetSetOptionExA
RegisterUrlCacheNotification
ReadUrlCacheEntryStream
InternetCloseHandle
InternetSecurityProtocolToStringA
FtpGetFileA
UnlockUrlCacheEntryFileW
InternetCanonicalizeUrlW
FtpCommandW
FindNextUrlCacheGroup

comdlg32

ChooseFontA
GetFileTitleW
PrintDlgW
ChooseColorA

gdi32

CreateMetaFileW
SetArcDirection
SetPolyFillMode
PolyTextOutA
gdiPlaySpoolStream
CopyEnhMetaFileA

advapi32

RegEnumKeyW
CryptImportKey
LogonUserA
CryptDestroyKey
RegReplaceKeyA
RegQueryValueW
RegLoadKeyA
RegQueryValueExW
CryptGetProvParam
CryptAcquireContextW
RegSetValueA
CryptHashData
DuplicateTokenEx
RegSaveKeyW
CreateServiceW
RegCreateKeyW
CryptEnumProvidersA
RegReplaceKeyW
CryptSignHashA
RegSetKeySecurity
RegQueryInfoKeyW
CryptSetKeyParam
RegRestoreKeyW

kernel32

VirtualQuery
ExitProcess
GetLocaleInfoA
InterlockedExchange
GetEnvironmentStrings
AllocConsole
GetLastError
GetStringTypeA
GetCommandLineA
TlsGetValue
QueryPerformanceCounter
InterlockedDecrement
HeapCreate
CompareStringW
GetLocaleInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
FreeLibrary
GetTimeFormatA
CompareStringA
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
Sleep
HeapFree
MultiByteToWideChar
GetCPInfo
GetVersionExA
GetProcessHeap
InterlockedIncrement
GetCurrentProcessId
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetDateFormatA
LoadLibraryA
HeapSize
GetTimeZoneInformation
WideCharToMultiByte
TlsSetValue
IsDebuggerPresent
GetEnvironmentStringsW
GetFileType
FreeEnvironmentStringsW
HeapDestroy
GetOEMCP
GetCurrentThread
WriteFile
InitializeCriticalSection
GetModuleFileNameA
GetStdHandle
GetCurrentThreadId
UnhandledExceptionFilter
GetStringTypeW
SetLastError
GetProcAddress
IsValidCodePage
TlsAlloc
SetEnvironmentVariableA
HeapReAlloc
SetUnhandledExceptionFilter
VirtualFree
IsValidLocale
GetTickCount
GetUserDefaultLCID
SetConsoleCtrlHandler
VirtualAlloc
TerminateProcess
GetACP
TlsFree
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess

shell32

CheckEscapesW
DragQueryPoint
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSettings
ShellAboutW
SHGetFileInfoA
SHInvokePrinterCommandW
SHChangeNotify
DoEnvironmentSubstW
SHAppBarMessage
DragQueryFile
SHInvokePrinterCommandA
ExtractIconA
SHBrowseForFolderW
ShellExecuteA
ExtractIconExA

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2500a3a2664a50723eb469e59a855c6

Headers

File Characteristics

Imports

wininet

comdlg32

gdi32

advapi32

kernel32

shell32

Sections

.text Size: 157KB - Virtual size: 157KB

.data Size: 140KB - Virtual size: 170KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 157KB - Virtual size: 157KB

.data
Size: 140KB - Virtual size: 170KB

.rsrc
Size: 4KB - Virtual size: 4KB