967fd2458f413fc5b2fa0e389acc18d8

Sharing

Copy URL Twitter E-mail

General

Target

967fd2458f413fc5b2fa0e389acc18d8
Size

474KB
MD5

967fd2458f413fc5b2fa0e389acc18d8
SHA1

9e3d2fe291ab7a46a470f3537c065a127a51e541
SHA256

970c0a52d00963acd55f8e7702d6252774939fa6b4fc74de1e886bc8d41df0c7
SHA512

8b30950ef2aeb336aa50d7a4bb345ae8213cf6ed8625fd21b9add50dc3c164840aa959eec7b68ec2aa2e4bf33abfc51ecf977090646f34aed1175bdd076dedc7
SSDEEP

12288:wE5T9ny4ZUYR+//4yAcUXtVFxq+W4ApPsToe:X5xyAUYg//4tWNpPsToe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
967fd2458f413fc5b2fa0e389acc18d8

Files

967fd2458f413fc5b2fa0e389acc18d8
.exe windows:4 windows x86 arch:x86

55de8843323e8953c823f4b4c4106843

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\WIQACDGI\PAERO\LFEC\URLOXKXT.PDB

Imports

comctl32

InitCommonControlsEx

kernel32

GetEnvironmentStrings
SetStdHandle
GetLastError
GetCurrentProcessId
GetCurrentThreadId
HeapCreate
GetSystemTime
GetModuleFileNameA
VirtualFree
VirtualAlloc
GetProcAddress
GetFileType
WideCharToMultiByte
WriteFile
OpenMutexA
DeleteCriticalSection
GetCurrentProcess
GetStringTypeA
IsBadWritePtr
ExitProcess
LoadLibraryA
GetTimeZoneInformation
GetStdHandle
SetLastError
GetModuleHandleA
HeapReAlloc
GetStartupInfoA
FreeEnvironmentStringsW
MultiByteToWideChar
InterlockedExchange
HeapFree
LCMapStringW
GetLocalTime
GetVersion
LCMapStringA
GetTickCount
LeaveCriticalSection
SetFilePointer
EnterCriticalSection
QueryPerformanceCounter
GetStringTypeW
InterlockedIncrement
HeapDestroy
GetEnvironmentStringsW
SetEnvironmentVariableA
TlsAlloc
AllocConsole
TerminateProcess
FreeEnvironmentStringsA
ReadFile
HeapAlloc
GetACP
GetCPInfo
RtlZeroMemory
InterlockedDecrement
UnhandledExceptionFilter
GetCurrentThread
TlsSetValue
FlushFileBuffers
RtlUnwind
GetSystemTimeAsFileTime
CompareStringA
GetCommandLineA
VirtualQuery
InitializeCriticalSection
CompareStringW
TlsGetValue
CreateMutexA
TlsFree
SetHandleCount
GetOEMCP
CloseHandle

user32

BroadcastSystemMessageW
GetWindowTextA
GetInputDesktop
SendDlgItemMessageW
EndPaint
SendDlgItemMessageA
SetScrollPos
SetPropA
WindowFromDC
GetMonitorInfoA
GetWindowTextLengthA
GetMenuStringW
ToUnicode
IntersectRect
RegisterClassExA
GrayStringW
RegisterClassA
GetKeyboardLayoutList
GetMessageExtraInfo

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55de8843323e8953c823f4b4c4106843

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 28KB - Virtual size: 50KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 28KB - Virtual size: 50KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 28KB - Virtual size: 27KB