967af6e967275366c486dcf17e73b489

Sharing

Copy URL Twitter E-mail

General

Target

967af6e967275366c486dcf17e73b489
Size

194KB
MD5

967af6e967275366c486dcf17e73b489
SHA1

b087f7b3b1b9f14ffdf94079313a3e912540aa2d
SHA256

b9486b619175262f29c04abdf5783bdea0e8be756217f6b6a2d163620eb29b4c
SHA512

9a94b978662033ab3a2dfb4daa4d0f47ede9b816dbf71bf29ca8e508997d64062ed7a96af76f400db2e0ad536c46fee520e79e0f5ee9b1e6d42147f3f35918a4
SSDEEP

3072:Lq87Dfd8DYZebgzTgkXnOwzRiZpSvzeJjW35eAWuJ6RBzaM44A+107:7DWDYNgkXnOyRVsjrBz744Ay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
967af6e967275366c486dcf17e73b489

Files

967af6e967275366c486dcf17e73b489
.exe windows:4 windows x86 arch:x86

7a83a970888643940fbeb7a574592ba3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
LoadResource
SetEndOfFile
GetTimeZoneInformation
HeapDestroy
WritePrivateProfileStringA
FindClose
DeleteFileA
CreateToolhelp32Snapshot
RemoveDirectoryA
GetPrivateProfileSectionW

wininet

InternetGetCertByURLA
InternetGoOnlineW
InternetCanonicalizeUrlW
InternetQueryOptionW
FreeUrlCacheSpaceW
FtpRemoveDirectoryA
InternetSetDialStateW
GopherGetLocatorTypeA
InternetAlgIdToStringA
InternetReadFileExA
InternetGetCookieW
GopherGetAttributeW
InternetDial
SetUrlCacheEntryGroupW
FtpRemoveDirectoryW
RetrieveUrlCacheEntryStreamA
InternetCloseHandle
FtpOpenFileA
InternetTimeFromSystemTimeA
UrlZonesDetach
InternetOpenW
FtpFindFirstFileA
InternetCrackUrlW
SetUrlCacheEntryGroup
IsUrlCacheEntryExpiredW
HttpEndRequestA
InternetFortezzaCommand
CommitUrlCacheEntryW
InternetTimeFromSystemTimeW
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FtpFindFirstFileW
DeleteUrlCacheContainerW
InternetSetDialStateA
InternetAutodial
InternetHangUp
InternetReadFile
InternetGetConnectedStateExW
DeleteIE3Cache
GetUrlCacheConfigInfoW
RunOnceUrlCache
InternetOpenUrlW
GopherGetAttributeA
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA

shell32

SHFileOperation
SHFormatDrive
SHAddToRecentDocs
DragQueryFile
SheChangeDirExW
SheChangeDirA
RealShellExecuteExW
DragQueryFileW
SHQueryRecycleBinA
SHGetDataFromIDListW
SHFileOperationW
SHGetSettings
SHGetInstanceExplorer
SHGetDiskFreeSpaceA
DragQueryFileAorW
SHGetFileInfo
ExtractIconEx
DragQueryFileA
DoEnvironmentSubstW
ExtractAssociatedIconExW
SHGetMalloc
SHFileOperationA
FindExecutableW
SHGetPathFromIDListA
ShellExecuteExW
SHGetSpecialFolderLocation
SHBrowseForFolder
ShellAboutA
DragAcceptFiles
SHAppBarMessage
ShellExecuteEx
SHBrowseForFolderW
InternalExtractIconListW
DragQueryPoint
SHGetFileInfoA
RealShellExecuteW
SheGetDirA
CommandLineToArgvW
SHGetNewLinkInfo
SHGetDataFromIDListA
FindExecutableA
SHGetSpecialFolderPathW
ExtractAssociatedIconA
SHLoadInProc
SHGetPathFromIDListW
ShellHookProc
DragFinish
SHFreeNameMappings
DuplicateIcon
SHGetDesktopFolder
InternalExtractIconListA
FreeIconList
CheckEscapesW
SheSetCurDrive
DoEnvironmentSubstA
RealShellExecuteExA
RealShellExecuteA
SHGetPathFromIDList
ShellAboutW
SHUpdateRecycleBinIcon
SHEmptyRecycleBinW
SHBrowseForFolderA
ExtractIconExW
SHChangeNotify
SHInvokePrinterCommandA
ExtractAssociatedIconExA

advapi32

RegEnumValueA
RegFlushKey
RegEnumKeyExW
RegCreateKeyW
RegQueryInfoKeyA
LookupAccountSidW
RegEnumValueW
RegSetValueExW
CryptSetProvParam
InitializeSecurityDescriptor
GetUserNameA
RegReplaceKeyW
RegEnumKeyA
CreateServiceW
CryptVerifySignatureW
CryptSetProviderW
LogonUserW
CryptDestroyKey
CryptGetKeyParam
RegDeleteValueW
CryptCreateHash
CryptAcquireContextA
LookupSecurityDescriptorPartsA
LookupAccountNameW
CryptSetHashParam
AbortSystemShutdownW
LookupPrivilegeNameW
CryptSetProviderExA
LookupPrivilegeDisplayNameA
RegLoadKeyA
RegNotifyChangeKeyValue
CryptGetHashParam
RegQueryValueA
RevertToSelf
InitiateSystemShutdownW
RegQueryMultipleValuesA
ReportEventA
CryptAcquireContextW
RegSaveKeyA
RegSaveKeyW
CryptContextAddRef
CryptSetKeyParam
LookupSecurityDescriptorPartsW
RegOpenKeyA
RegRestoreKeyA
CryptEncrypt
CryptSignHashA
DuplicateToken
RegQueryValueW
CryptGetDefaultProviderA
RegOpenKeyExA
RegRestoreKeyW
CryptEnumProviderTypesW
CryptGenKey
CryptGetProvParam
CryptReleaseContext
RegQueryValueExW
CryptHashData
RegSetValueA
RegReplaceKeyA
CryptDestroyHash
CryptSetProviderA

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a83a970888643940fbeb7a574592ba3

Headers

File Characteristics

Imports

kernel32

wininet

shell32

advapi32

Sections

.text Size: 94KB - Virtual size: 93KB

.data Size: 86KB - Virtual size: 86KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 94KB - Virtual size: 93KB

.data
Size: 86KB - Virtual size: 86KB

.reloc
Size: 13KB - Virtual size: 12KB