a131387fa3ed40cb3f4a81919e86f9ce

Sharing

Copy URL

Twitter E-mail

General

Target

a131387fa3ed40cb3f4a81919e86f9ce
Size

36KB
MD5

a131387fa3ed40cb3f4a81919e86f9ce
SHA1

fa4ca0df6b2d29a21f9e3fe1ce045b887bf3efd4
SHA256

3d45846c37a998969051d014c8d3b2f71eeee75e28586d7e24720cbd0ae251b3
SHA512

3d677e9b6ececfba09361a23f4f5a31d4624c73396b5cd3e6fa7d8252337180413ad930b3c12adf8d6a195808007f9d24132a32d9d25562e71c28a37c5d31cb9
SSDEEP

384:CjYKJkcKgVgqjDX1saump3j3d893SBSufGQ+xzfifniY4iUfzgPsQadnBh4c41BO:ajJwgVgiDXuomSBSgEzfKr4pAKhn4nO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a131387fa3ed40cb3f4a81919e86f9ce

Files

a131387fa3ed40cb3f4a81919e86f9ce
.exe windows:4 windows x86 arch:x86

4e82f4046f060f39f704b8d3c54cbd79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA
wnsprintfA
StrStrIA
StrStrA
StrChrA

wininet

InternetGetConnectedState

rpcrt4

UuidCreate
UuidToStringA

kernel32

HeapReAlloc
GetLocalTime
GetPrivateProfileStringA
Sleep
lstrlenA
GetVolumeInformationA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcmpA
lstrcpynA
GetLastError
CreateProcessA
SetLastError
lstrcatA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTempPathA
GetTickCount
GetCurrentProcessId
InitializeCriticalSection
ExitProcess
GetWindowsDirectoryA
DeleteFileA
CopyFileA
lstrcmpiA
TerminateProcess
OpenProcess
MapViewOfFile
CreateFileMappingA
GetModuleFileNameA
GetModuleHandleA
SetUnhandledExceptionFilter
CreateMutexA
CloseHandle
OpenMutexA
WritePrivateProfileStringA
MoveFileExA
WriteFile
CreateFileA
LockResource
GetSystemDirectoryA
LoadResource
FindResourceA
SetFileAttributesA
SetFileTime
GetFileTime
GetVersionExA
FindClose
FindFirstFileA
ReadFile
GetFileSize
SizeofResource

user32

DestroyWindow
RegisterClassExA
DispatchMessageA
TranslateMessage
GetMessageA
SendMessageA
FindWindowA
GetClassNameA
EnumWindows
RegisterWindowMessageA
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
SetForegroundWindow
EnumThreadWindows
EnumChildWindows
GetForegroundWindow
CreateWindowExA
DefWindowProcA
wsprintfA
KillTimer
SetTimer
GetWindowTextA
PostMessageA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e82f4046f060f39f704b8d3c54cbd79

Headers

File Characteristics

Imports

shlwapi

wininet

rpcrt4

kernel32

user32

advapi32

shell32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.aspack Size: 8KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.aspack
Size: 8KB - Virtual size: 8KB