a9cdd6ddb799bda155ce69279039d849

Sharing

Copy URL Twitter E-mail

General

Target

a9cdd6ddb799bda155ce69279039d849
Size

407KB
MD5

a9cdd6ddb799bda155ce69279039d849
SHA1

9bcd87591d5137c7557b7df198921b794284a910
SHA256

11b382e6999f4a90a3a9b3f1dadd8f13abe74994bed9d95a611d79efb6f9c680
SHA512

59d41dd2168a442fa286c1a549a905cee87fbb874a1bafda71276b8a9ce24749763f8a6f011d471c0673604def4c6104f5286f43614a413bfc64b3ad1c712475
SSDEEP

6144:U1gMSPprjkcN+m7v87D4CgwyomF/Oe50Bj3IRtRuKm0FfACirdCvSahr+qp4RK+w:+rApjXx8IhwWB50BbIRtQ+9yCdmRHW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9cdd6ddb799bda155ce69279039d849

Files

a9cdd6ddb799bda155ce69279039d849
.exe windows:4 windows x86 arch:x86

f3df94d9e29e8499c0507f0845320112

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CombineTransform
GetDIBColorTable
GetPixelFormat
SelectObject
EnumFontFamiliesExW
GdiPlayScript
CreateDIBSection
GetDeviceCaps
LineTo
GetWindowOrgEx
DeleteMetaFile
GetICMProfileA
GetCharWidthW

user32

GetClassLongA
VkKeyScanA
CheckRadioButton
SetWindowLongA
InSendMessage

advapi32

AbortSystemShutdownA
InitiateSystemShutdownA
RegFlushKey
CryptHashSessionKey
RegConnectRegistryW
CryptSignHashA
LookupPrivilegeNameA
CryptImportKey
CryptEnumProvidersA
RegSetKeySecurity
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryInfoKeyW
CryptCreateHash
CryptExportKey
DuplicateToken
RegEnumKeyA
RegDeleteValueW
CreateServiceW
LookupPrivilegeNameW
LookupAccountNameW

comdlg32

ChooseColorW

kernel32

WriteFile
LocalCompact
WritePrivateProfileSectionA
VirtualAlloc
IsBadWritePtr
GetFileType
GetModuleFileNameA
GetCommandLineA
MultiByteToWideChar
TlsSetValue
LoadLibraryA
LeaveCriticalSection
TerminateProcess
GetCurrentThread
HeapFree
GetEnvironmentStringsW
RtlUnwind
FreeEnvironmentStringsA
TlsGetValue
HeapReAlloc
TlsAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
HeapDestroy
SetLastError
DeleteCriticalSection
ExitProcess
IsValidCodePage
SetThreadAffinityMask
WriteConsoleW
InitializeCriticalSection
GetCurrentProcessId
LocalFileTimeToFileTime
GetModuleFileNameW
VirtualQuery
CreateFileA
UnhandledExceptionFilter
GetTickCount
GetCurrentProcess
GetCurrentThreadId
TlsFree
GetEnvironmentStrings
HeapCreate
lstrcpynW
GetVersion
GetStartupInfoA
GetStartupInfoW
EnterCriticalSection
InterlockedExchange
VirtualFree
GetStdHandle
GetLastError
GetProcAddress
FreeEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
SetHandleCount
HeapAlloc

wininet

InternetQueryDataAvailable
InternetInitializeAutoProxyDll
SetUrlCacheConfigInfoW
InternetTimeFromSystemTimeW
FindFirstUrlCacheContainerW
GopherGetLocatorTypeA
RetrieveUrlCacheEntryFileW
InternetCreateUrlW
GetUrlCacheGroupAttributeW
InternetSecurityProtocolToStringA
InternetTimeToSystemTimeW
LoadUrlCacheContent
InternetShowSecurityInfoByURL
FindFirstUrlCacheContainerA
InternetGetCertByURL
InternetTimeFromSystemTimeA
ResumeSuspendedDownload
FtpDeleteFileW
InternetReadFileExA
InternetCrackUrlA
CreateUrlCacheContainerW
GopherGetAttributeW
InternetOpenA
FtpCommandA

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3df94d9e29e8499c0507f0845320112

Headers

File Characteristics

Imports

gdi32

user32

advapi32

comdlg32

kernel32

wininet

Sections

.text Size: 123KB - Virtual size: 122KB

.data Size: 267KB - Virtual size: 274KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 123KB - Virtual size: 122KB

.data
Size: 267KB - Virtual size: 274KB

.rsrc
Size: 15KB - Virtual size: 15KB