8d2e3f91b8a82bb0176679ea54cd187d

Sharing

Copy URL Twitter E-mail

General

Target

8d2e3f91b8a82bb0176679ea54cd187d
Size

272KB
MD5

8d2e3f91b8a82bb0176679ea54cd187d
SHA1

f71a2dabbb3e7712833bbbc2735b057cd295d168
SHA256

86389433a32cbcedbd426cf53bd51116f5713c274a1ce7404e1f45ecff881683
SHA512

a2b40c7974a5c3ebd9b958399683f1b6076ce4a66c8506bb8f7c9591b77a929963647de379514f74d3169bef01a16667b1e88cbaa184932e72f23ebaf0e59215
SSDEEP

6144:CJ+CjBxbfgHdbpJQL6ZTlI+Cjqb3+2qLb:+T/8bdxIFjvL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d2e3f91b8a82bb0176679ea54cd187d

Files

8d2e3f91b8a82bb0176679ea54cd187d
.exe windows:4 windows x86 arch:x86

6b734b0fdaf85010c7f75fbd739ebeac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
HeapCreate
GetNamedPipeInfo
SystemTimeToTzSpecificLocalTime
GetStringTypeA
FreeEnvironmentStringsA
HeapAlloc
LoadLibraryA
TlsSetValue
SetEnvironmentVariableA
WideCharToMultiByte
WaitNamedPipeW
EnumSystemLocalesA
GetEnvironmentStrings
TlsFree
TlsGetValue
GetCurrentThread
GetTimeZoneInformation
GetUserDefaultLCID
DeleteCriticalSection
Sleep
GetLocaleInfoA
GetVersionExA
GetLocaleInfoW
CompareStringW
InitializeCriticalSection
VirtualFree
GetTimeFormatA
GetProcAddress
FreeLibrary
GetStringTypeW
HeapFree
GlobalFree
GetLastError
FindFirstFileExA
InterlockedDecrement
VirtualQuery
SetConsoleCtrlHandler
InterlockedIncrement
SetLastError
GetDateFormatA
IsDebuggerPresent
UnhandledExceptionFilter
GetStdHandle
HeapReAlloc
MultiByteToWideChar
ExitProcess
FreeEnvironmentStringsW
EnterCriticalSection
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
LCMapStringA
GetModuleHandleA
GetProcessHeap
IsValidCodePage
IsValidLocale
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetModuleFileNameA
LCMapStringW
GetEnvironmentStringsW
MapViewOfFileEx
GetTickCount
HeapSize
GetCommandLineA
GetOEMCP
TlsAlloc
SetHandleCount
RtlUnwind
GetModuleFileNameW
GetSystemTimeAsFileTime
InterlockedExchange
LeaveCriticalSection
GetCPInfo
GetACP
GetStartupInfoW
CompareStringA
HeapDestroy

advapi32

LogonUserA
CryptEnumProvidersA
DuplicateToken
RegLoadKeyW
LookupPrivilegeDisplayNameW
RegSetValueExA
CryptGetKeyParam
CryptGenKey
CryptDeriveKey
CryptDuplicateHash
CryptSignHashA
RegOpenKeyExW
RegEnumKeyExW

comdlg32

LoadAlterBitmap
PageSetupDlgW
GetSaveFileNameA
GetSaveFileNameW
ChooseFontA
ReplaceTextA
ChooseFontW
GetFileTitleW
GetOpenFileNameA
ReplaceTextW
PageSetupDlgA
PrintDlgW
ChooseColorA
FindTextW
GetFileTitleA

wininet

FtpGetFileEx
SetUrlCacheConfigInfoA
GopherGetLocatorTypeA
InternetConfirmZoneCrossing
InternetGetCertByURLA
FindNextUrlCacheEntryW
InternetReadFileExW
InternetSecurityProtocolToStringW
InternetConfirmZoneCrossingA
DeleteUrlCacheEntry
DeleteUrlCacheGroup
FindFirstUrlCacheEntryExW
InternetQueryDataAvailable
InternetOpenW
FindFirstUrlCacheEntryW
GopherCreateLocatorA
IsUrlCacheEntryExpiredW
GetUrlCacheGroupAttributeA
InternetTimeFromSystemTimeA
InternetWriteFileExA
SetUrlCacheEntryInfoW
InternetConfirmZoneCrossingW
LoadUrlCacheContent
GopherGetLocatorTypeW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b734b0fdaf85010c7f75fbd739ebeac

Headers

File Characteristics

Imports

kernel32

advapi32

comdlg32

wininet

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 139KB - Virtual size: 138KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 8KB - Virtual size: 8KB