9b05d286adeedcdb117ee3c27b19decc

Sharing

Copy URL

Twitter E-mail

General

Target

9b05d286adeedcdb117ee3c27b19decc
Size

278KB
MD5

9b05d286adeedcdb117ee3c27b19decc
SHA1

c4ae8b0ec5831d316a3a7c77be8a003ae1cb3499
SHA256

79eff290ada6359071559e317173216a29129c781c70309d523e591127eb3929
SHA512

b9dbb3ea0b01066ee088f8416aaf1abede2d3b3d95d68237cc98bca23c3f6c3da2b96ec30ca594ca316cca899f2b1858f847a000e7546c5eafbe3b95c3b78072
SSDEEP

6144:yIKV08K3WwA3ooV1JDuzrhGb6adzza4u8GrD4N8zUSQJCoPNxcN94JItSIh2X:yIKVJK3Wv3rVrDuztG+c3u8Grg8zzQJN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b05d286adeedcdb117ee3c27b19decc

Files

9b05d286adeedcdb117ee3c27b19decc
.exe windows:4 windows x86 arch:x86

1d3481c47acd704e5b4b9f8f3c31de24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

FindTextW
GetOpenFileNameW
ReplaceTextW
ChooseColorA

wininet

GetUrlCacheConfigInfoA
FindNextUrlCacheEntryA
HttpEndRequestW
InternetFindNextFileW
GopherGetAttributeW
FtpCommandA
InternetConfirmZoneCrossing
FtpGetFileSize
InternetTimeToSystemTimeW
SetUrlCacheConfigInfoA
SetUrlCacheEntryGroupW
SetUrlCacheGroupAttributeW
HttpCheckDavCompliance
FindFirstUrlCacheContainerW
ShowSecurityInfo
FtpGetCurrentDirectoryA

advapi32

LookupPrivilegeNameW

gdi32

SetBkMode
GetICMProfileA
EnumFontFamiliesExA
SetGraphicsMode
CreateDIBitmap
SetROP2
SetTextAlign
PlgBlt

kernel32

GetACP
GetStartupInfoW
GetCPInfo
GetCurrentProcessId
InitializeCriticalSection
GetProcessHeap
GetFileType
LCMapStringW
HeapReAlloc
VirtualAlloc
GetStringTypeA
RtlUnwind
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetStartupInfoA
GetEnvironmentStringsW
EnumSystemLocalesA
TlsSetValue
RemoveDirectoryA
GlobalAddAtomW
ConnectNamedPipe
GetOEMCP
GetCommandLineA
GetUserDefaultLCID
DeleteCriticalSection
Sleep
GetCommandLineW
InterlockedIncrement
TlsGetValue
GetCurrentThreadId
SetLastError
GetVersionExA
lstrcpyn
InterlockedDecrement
GetProcAddress
MultiByteToWideChar
WriteFile
SetEnvironmentVariableA
GetEnvironmentStrings
ExitProcess
LeaveCriticalSection
GetCompressedFileSizeW
GetLastError
GetDateFormatA
GetTimeFormatA
SetHandleCount
TlsFree
GetTickCount
GetTimeZoneInformation
SetFileAttributesA
CompareStringW
WritePrivateProfileStructW
HeapAlloc
GetLocaleInfoA
IsValidLocale
VirtualProtect
LoadLibraryA
FreeEnvironmentStringsW
ResetEvent
GetCurrentThread
GetStringTypeW
GetCurrentProcess
QueryPerformanceCounter
AllocConsole
VirtualFree
EnumDateFormatsExW
IsValidCodePage
GetStdHandle
HeapFree
GetLocaleInfoW
UnhandledExceptionFilter
GetModuleFileNameW
SetUnhandledExceptionFilter
HeapCreate
GetThreadSelectorEntry
TlsAlloc
IsDebuggerPresent
WideCharToMultiByte
InterlockedExchange
SetConsoleCtrlHandler
GlobalFindAtomW
TerminateProcess
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
HeapDestroy
LCMapStringA
VirtualQuery
EnterCriticalSection
CompareStringA
HeapSize

user32

SetDlgItemTextA
GetUpdateRect
NotifyWinEvent
RemoveMenu
BroadcastSystemMessage
IsDialogMessageA
PostMessageW
DdeQueryConvInfo

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d3481c47acd704e5b4b9f8f3c31de24

Headers

File Characteristics

Imports

comdlg32

wininet

advapi32

gdi32

kernel32

user32

Sections

.text Size: 131KB - Virtual size: 131KB

.data Size: 139KB - Virtual size: 161KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 131KB - Virtual size: 131KB

.data
Size: 139KB - Virtual size: 161KB

.rsrc
Size: 6KB - Virtual size: 5KB