b4bb18183a042dd2941807d4144942ba

Sharing

Copy URL

Twitter E-mail

General

Target

b4bb18183a042dd2941807d4144942ba
Size

138KB
MD5

b4bb18183a042dd2941807d4144942ba
SHA1

5ca005c0fcbdd8a6e4eb21393517ff818a028ce2
SHA256

e4d41a348276d1c48d5f64fba15570a39a18495ea985b54afa6f8cc238beee1a
SHA512

54f285c99ee7252381f5f70cfd59938aa2e89b10f20ff6ea6eecc905a85065a94a8f1c2716afac98d4116893f6a3bc4e4ced8151e26ea230b6e0230b11399a63
SSDEEP

3072:MZ9bRHFQvcQ9dKiAMzZJtZQ15fkSkLqzTsn+/pzrfM4J19p:MnNlQuiAM9U5f4LH6fhp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4bb18183a042dd2941807d4144942ba

Files

b4bb18183a042dd2941807d4144942ba
.exe windows:1 windows x86 arch:x86

4b1e00e09d85dad2fe876383c3cddb62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
GetPrivateProfileSectionA
GetProcessIoCounters
GetEnvironmentStringsW
GetStringTypeA
HeapReAlloc
CreateTimerQueueTimer
lstrcpyA
SetFilePointer
WriteConsoleInputVDMA
FindNextFileW
ReadFileScatter
WriteProfileStringA
GetLocaleInfoA
CreateFileA
Process32FirstW
GetStringTypeW
GetCurrentThread
GlobalHandle
HeapCreate
EnterCriticalSection
GetFileType
GetNextVDMCommand
GetFileAttributesW
InterlockedPopEntrySList
MulDiv
GlobalDeleteAtom
DeleteCriticalSection
GetPrivateProfileStringA
ReleaseMutex
IsBadStringPtrW
GlobalUnlock
TerminateProcess
GlobalFree
FreeEnvironmentStringsA
FindFirstVolumeW
CreateMutexA
GlobalFlags
WritePrivateProfileStructA
HeapAlloc
GetVersion
GlobalLock
MulDiv
FreeEnvironmentStringsA
GetCPInfo
MoveFileExW
FreeLibraryAndExitThread
ProcessIdToSessionId
FindActCtxSectionGuid
SetProcessAffinityMask
LeaveCriticalSection
QueryDosDeviceW
SetSystemTime
GlobalGetAtomNameA
SetStdHandle
LocalFree
CommConfigDialogA
GetVolumeInformationA
FlushFileBuffers
GetShortPathNameA
HeapDestroy
TlsSetValue
IsBadCodePtr
FindFirstFileA
DebugBreakProcess
FatalAppExitW
GlobalReAlloc
WinExec
RtlZeroMemory
InterlockedIncrement
GetVDMCurrentDirectories
TlsAlloc
VirtualAllocEx
ShowConsoleCursor
lstrcmpiA
HeapAlloc
IsBadReadPtr
SetErrorMode
CreateProcessA
LockFile
LCMapStringW
GetACP
RequestWakeupLatency
SetUnhandledExceptionFilter
LeaveCriticalSection
FreeEnvironmentStringsW
lstrcpynA
Toolhelp32ReadProcessMemory
EnumUILanguagesA
FatalAppExitA
UnlockFileEx
SetHandleCount
SetLastError
WaitForSingleObject
GlobalAddAtomA
SetFileAttributesA
RtlUnwind
IsBadWritePtr
GetSystemWow64DirectoryW
LocalReAlloc
LCMapStringW
lstrlenA
GetConsoleTitleA
MoveFileExA
FindNextFileA
GetFullPathNameA
CreateMailslotW
RaiseException
WritePrivateProfileSectionA
RemoveDirectoryA
SetCurrentDirectoryA
SetVolumeMountPointA
HeapSize
UnhandledExceptionFilter
EnumDateFormatsA
SetHandleCount
Sleep
GetOEMCP
FindFirstFileExA
ReleaseMutex
DeleteFileA
GetCurrentProcess
CreateDirectoryA
AddRefActCtx
Module32FirstW
GetCommConfig
GetLastError
lstrcatA
IsBadCodePtr
GetDateFormatA
DefineDosDeviceA
GetWindowsDirectoryA
HeapFree
LocalAlloc
VirtualFree
LCMapStringA
GetStdHandle
SetFilePointerEx
GetVolumeInformationA
WritePrivateProfileStringA
ReadFile
GetCommandLineA
ReplaceFileW
FreeLibrary
CloseHandle
InterlockedDecrement
GetVersionExA
CreateMailslotA
GlobalAlloc
GetLocaleInfoW
FormatMessageA
GetCommModemStatus
GetThreadTimes
SetMailslotInfo
GetProcessVersion
ConvertFiberToThread
GetCommTimeouts
GetStartupInfoA
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
EnumResourceTypesW
GetTempPathA

user32

SetScrollInfo
TranslateMessage
GetSysColor
GetMenuCheckMarkDimensions
SetRectEmpty
GetSystemMetrics
LoadCursorA
PostQuitMessage
PtInRect
SetScrollPos
EndDialog
DeferWindowPos
GetMenuItemID
DrawTextA
SetWindowLongA
RemovePropA
BeginPaint
LoadAcceleratorsA
ModifyMenuA
LoadBitmapA
UnhookWindowsHookEx
CopyRect
DispatchMessageA
GetDesktopWindow
ReleaseCapture
GetMessageA
TranslateAcceleratorA
DestroyMenu
LoadStringA
GetWindow
GetForegroundWindow
DestroyWindow
UpdateWindow
ReuseDDElParam
SetWindowPos
IsChild
CharUpperA
InvalidateRect
GetDC
SetMenuItemBitmaps
GetWindowLongA
GetClientRect
GetMenuItemCount
wsprintfA
CallNextHookEx
EnableWindow
ClientToScreen
MessageBoxA
WindowFromPoint
BeginDeferWindowPos
SetCursor
LoadIconA
CheckMenuItem
IsWindowEnabled
IsWindowVisible
GetCursorPos
GrayStringA
GetScrollPos
MapWindowPoints
GetLastActivePopup
SetFocus
SetWindowsHookExA
TabbedTextOutA
GetWindowTextA
SendMessageA
EnableMenuItem
GetDlgCtrlID
IsIconic
SetPropA
GetNextDlgTabItem
ShowWindow
PostMessageA
UnregisterClassA
EqualRect
EndPaint
GetParent
IsWindow
GetClassLongA
CreateWindowExA
ReleaseDC
GetTopWindow
GetFocus
AdjustWindowRectEx
GetMessageTime
SetForegroundWindow
GetPropA
FindWindowA
BringWindowToTop
WinHelpA
SetActiveWindow
SetMenu
GetCapture
DefWindowProcA
GetWindowRect
RegisterWindowMessageA
GetActiveWindow
LoadMenuA
GetSubMenu
SetWindowTextA
EndDeferWindowPos
SystemParametersInfoA
GetMessagePos
ShowScrollBar
ShowOwnedPopups
ValidateRect
SetScrollRange
ScreenToClient
GetClassNameA
RegisterClassA
ScrollWindow
GetKeyState
UnpackDDElParam

gdi32

SelectObject
ScaleWindowExtEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
RectVisible
DeleteDC
TextOutA
Escape
SetTextColor
SetBkColor
GetStockObject
GetDeviceCaps
OffsetViewportOrgEx
GetObjectA
SetViewportOrgEx
CreateBitmap
DeleteObject
RestoreDC
ExtTextOutA
SetWindowExtEx
PtVisible
SaveDC
GetClipBox

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
InitializeSecurityDescriptor
RegDeleteValueA
SetSecurityDescriptorDacl

shell32

DragQueryFileA
DragFinish

comctl32

ord17
ImageList_Destroy

sxs

SxsBeginAssemblyInstall
SxsProbeAssemblyInstallation
SxsOleAut32MapReferenceClsidToConfiguredClsid

msi

MsiSetInternalUI
MsiViewExecute
MsiEnumRelatedProductsW
MsiSourceListAddSourceA
MsiAdvertiseProductA
MsiDoActionW
MsiRecordIsNull
MsiDatabaseMergeW
MsiEnumComponentQualifiersA
MsiDatabaseCommit
MsiOpenProductW
MsiGetProductCodeFromPackageCodeW
MsiDatabaseOpenViewA
MsiSourceListEnumMediaDisksW
MsiLocateComponentW
MsiDatabaseImportA
MsiRecordSetStringW
MsiGetFileSignatureInformationA
MsiEnableUIPreview
MsiSetFeatureStateA
MsiSourceListEnumSourcesA
MsiEnumClientsA
MsiConfigureProductExW

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iT
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b1e00e09d85dad2fe876383c3cddb62

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

sxs

msi

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 13KB

.iT Size: 2KB - Virtual size: 26KB

.rsrc Size: 97KB - Virtual size: 97KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 13KB

.iT
Size: 2KB - Virtual size: 26KB

.rsrc
Size: 97KB - Virtual size: 97KB