b4959d43e7e1a92a5a03c4016cc64cce

Sharing

Copy URL Twitter E-mail

General

Target

b4959d43e7e1a92a5a03c4016cc64cce
Size

52KB
MD5

b4959d43e7e1a92a5a03c4016cc64cce
SHA1

e05ba25e5c0371f7505e7f3d0a8ada7e55160301
SHA256

68022e308ee6b69cb00403088f8b5836e28dd27a5bd30297430100e85579212f
SHA512

21a451a83a335c0fb9cd9eeb73269bb7965d2fcaab6305ec506529a39552d97cbe29b20bd56ce09b1bac9e78a061c0817bcd0bc71bcdcdd02f34cfce2fde7b39
SSDEEP

768:2FEF/ssMkW6udnJZZECT6hQ6EpEtt1Wk3HogdkJ2LOXPWP:2KhidnP6b3XNOe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4959d43e7e1a92a5a03c4016cc64cce

Files

b4959d43e7e1a92a5a03c4016cc64cce
.exe windows:4 windows x86 arch:x86

557eaef0e8efbc1374f8e5cbd4840687

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileInformationByHandle
GetShortPathNameA
GetTempFileNameA
GetTempPathA
GetFileAttributesA
RemoveDirectoryA
WritePrivateProfileStringA
PeekNamedPipe
TerminateThread
CopyFileA
TerminateProcess
LeaveCriticalSection
OpenProcess
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetFileAttributesA
WriteFile
GetModuleHandleA
CreateFileA
GetFileSize
GetSystemDirectoryA
ReadFile
CloseHandle
SetFilePointer
GetProcAddress
GetCurrentProcess
LoadLibraryA
GetModuleFileNameA
GetVersion
SetPriorityClass
GetLastError
Sleep
CreateSemaphoreA
WinExec
DeleteFileA
GetWindowsDirectoryA
HeapAlloc
HeapFree
FreeLibrary
CreateThread
CreateProcessA
GetProcessHeap
CreateDirectoryA
SetCurrentDirectoryA
CreatePipe
FindNextFileA
FindFirstFileA
FindClose
GetTickCount
GetStartupInfoA
GetDriveTypeA
MultiByteToWideChar

advapi32

AdjustTokenPrivileges
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegDeleteValueA
RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

mfc42

msvcrt

_acmdln
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__set_app_type
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
__getmainargs
strcpy
strcat
_setmbcp
__CxxFrameHandler
strlen
strcmp
exit
_mbscmp
_controlfp
atoi
atol
rename
strtoul
sprintf
memset
memcpy

shell32

ShellExecuteA

user32

SendMessageA
ExitWindowsEx
KillTimer
MessageBoxA
SetTimer
SetForegroundWindow
DispatchMessageA
PeekMessageA
EnableWindow
TranslateMessage

wininet

InternetGetConnectedState

wsock32

send
closesocket
select
connect
socket
listen
recv
WSAStartup
WSAGetLastError
gethostbyname
gethostname
sendto
bind
setsockopt
htons
inet_addr
accept

Sections

Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

557eaef0e8efbc1374f8e5cbd4840687

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

shell32

user32

wininet

wsock32

Sections

Size: 44KB - Virtual size: 44KB

.rsrc Size: 3KB - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 4KB