ac19b64a2b0047207246bfef3a1a3e4b

General

Target

ac19b64a2b0047207246bfef3a1a3e4b
Size

20KB
MD5

ac19b64a2b0047207246bfef3a1a3e4b
SHA1

4a49cd53e313c5f7064ffb7431e2c7fd14ddc1e6
SHA256

564cd980252368be89e0a9021f7ce739577ba8fb4a29c3e625b45ca79820061c
SHA512

449ed6abd2d5635b2734f6d5f99af4577db71a661f37dbd67419d33ff4929c46c8bdc2eac75960070dd070b6e04ce6dd430083720c5fb004d6368b477fd9492e
SSDEEP

384:jFLln2Crps9yRuZaxaWeHMR7PjIdcKHYMr2zMqaC7wWD+oVJWB:jFp2AmyayaxMR7PjkcKy3aUwO+AJW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac19b64a2b0047207246bfef3a1a3e4b

Files

ac19b64a2b0047207246bfef3a1a3e4b
.exe windows:4 windows x86 arch:x86

366fd49858dabe5d94cde99e453e28bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atoi
_fullpath
_access
__CxxFrameHandler
_except_handler3
strcmp
strstr
strncpy
_vsnprintf
sscanf
??2@YAPAXI@Z
_itoa
fgets
memcpy
fopen
fseek
fclose
_snprintf
memset
??3@YAXPAX@Z

kernel32

WriteFile
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetProcAddress
GetTickCount
GetExitCodeThread
TerminateThread
CreateThread
CreateMutexA
GetTempPathA
GetFileSize
SetFilePointer
FlushFileBuffers
SetEndOfFile
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
GetSystemDirectoryA
CreateFileA
GetShortPathNameA
lstrcpyA
lstrlenA
GetVersionExA
CreateProcessA
Sleep
CloseHandle
WaitForSingleObject
GetModuleHandleA
CreateEventA
SetEvent
OpenEventA
GetCommandLineA
lstrcatA
GetModuleFileNameA
GetLastError
lstrcmpiA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetWindowsDirectoryA
MoveFileExA
DeleteFileA
GetTempFileNameA
SetFileAttributesA
GetFileAttributesA

shlwapi

StrStrA
PathFindExtensionA
StrTrimA
PathFindFileNameA
SHDeleteValueA
SHGetValueA
SHSetValueA
StrStrIA
StrRChrA
StrChrA
PathRemoveFileSpecA

wininet

InternetGetConnectedState
InternetCrackUrlA

setupapi

SetupIterateCabinetA

ws2_32

send
recv
ioctlsocket
connect
select
closesocket
htons
gethostbyname
WSACleanup
WSAStartup
socket

shell32

SHGetSpecialFolderPathA

Sections

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

366fd49858dabe5d94cde99e453e28bf

Headers

File Characteristics

Imports

msvcrt

kernel32

shlwapi

wininet

setupapi

ws2_32

shell32

Sections

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 15KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 15KB - Virtual size: 15KB