969c82a5c5e38bd8434041dc244033bf

Sharing

Copy URL Twitter E-mail

General

Target

969c82a5c5e38bd8434041dc244033bf
Size

520KB
MD5

969c82a5c5e38bd8434041dc244033bf
SHA1

c90e0eafad4c6732a2c81987c82aadb6679e198f
SHA256

04813f6092377aa1a6238fc07fd7e59b6d6a8d03f636ef624803d851bc079f48
SHA512

d212b587fbf3d5cdfb254fdbdb886d49c53ebe5e6d049bd4b369b0c386761cf7879b468d21718d8dfd9ac3b0de3257402f92cf8ac0aee6665062983595442a46
SSDEEP

12288:D3qAyPEXvIFCQQQ75ZqsDVlQ7EaPQMWZfADl:rq/cXvIFCZG3qs7qpWZfADl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
969c82a5c5e38bd8434041dc244033bf

Files

969c82a5c5e38bd8434041dc244033bf
.exe windows:4 windows x86 arch:x86

1d5b88a7593ae34c6a11179e4afcd28d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

SetUrlCacheEntryGroup
DeleteUrlCacheContainerW
FindCloseUrlCache
InternetOpenUrlA
GopherGetAttributeW
FtpGetFileA
DetectAutoProxyUrl

kernel32

TlsSetValue
DebugBreak
GetStartupInfoW
GetCurrentThreadId
CompareStringA
WriteFile
HeapFree
LeaveCriticalSection
HeapReAlloc
RtlUnwind
InterlockedIncrement
HeapDestroy
GetModuleHandleA
GetFileType
WideCharToMultiByte
GetStdHandle
FlushFileBuffers
CloseHandle
GetCPInfo
WriteConsoleA
SetVolumeLabelW
SetEnvironmentVariableA
FreeResource
TlsAlloc
GetVersionExW
InterlockedExchange
GetSystemTimeAsFileTime
SetCurrentDirectoryA
GetLastError
VirtualQuery
InitializeCriticalSection
GetEnvironmentStringsW
MoveFileW
EnumResourceNamesA
FindNextFileA
DeleteCriticalSection
SetLastError
GetCalendarInfoW
InterlockedDecrement
QueryPerformanceCounter
GetCommandLineA
GetCurrentProcess
GetVersion
FreeEnvironmentStringsW
VirtualAlloc
TlsGetValue
FindAtomA
GetStartupInfoA
GetModuleFileNameA
GetSystemTime
GetCurrentProcessId
LCMapStringW
GetEnvironmentStrings
OpenMutexA
GetCommandLineW
IsBadWritePtr
HeapCreate
FreeEnvironmentStringsA
LoadLibraryA
GetCurrentThread
SetFilePointer
TerminateProcess
CreateMutexA
SetStdHandle
MultiByteToWideChar
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameW
GetTimeZoneInformation
GetStringTypeW
GetLocalTime
CompareStringW
EnterCriticalSection
GetStringTypeA
ExitProcess
HeapAlloc
SetHandleCount
TlsFree
ReadFile
VirtualFree
LCMapStringA
GetTickCount

user32

CreateMenu
RegisterClassA
RegisterClassExA

shell32

SHGetFileInfoA

comctl32

InitCommonControlsEx

advapi32

RegQueryValueExW
RegSetValueExA
RegConnectRegistryW
RegQueryMultipleValuesA
CryptAcquireContextA
RegSetValueExW
StartServiceA
RegLoadKeyW
CryptGetDefaultProviderW
InitiateSystemShutdownA
RegSetKeySecurity
RegDeleteValueW
CryptVerifySignatureA
CryptHashSessionKey
CryptSignHashW
LookupPrivilegeValueW
CryptDestroyKey
LookupPrivilegeDisplayNameW
InitializeSecurityDescriptor
LookupPrivilegeNameA
CreateServiceA

gdi32

GetBkColor
SelectClipPath
GetTextExtentPointW
SelectObject
GetColorAdjustment
SetDIBits

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d5b88a7593ae34c6a11179e4afcd28d

Headers

File Characteristics

Imports

wininet

kernel32

user32

shell32

comctl32

advapi32

gdi32

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 5KB - Virtual size: 11KB

.data Size: 314KB - Virtual size: 314KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 5KB - Virtual size: 11KB

.data
Size: 314KB - Virtual size: 314KB

.rsrc
Size: 5KB - Virtual size: 5KB