b4b881966780018d804c374e602b446e

Sharing

Copy URL Twitter E-mail

General

Target

b4b881966780018d804c374e602b446e
Size

439KB
MD5

b4b881966780018d804c374e602b446e
SHA1

57d20b2640f34235b3fa00c78391c574e1796982
SHA256

eb8b024e5cc1054bd091c440fdc978506bc07d9a2f336880b7a0657a8bd2c154
SHA512

b941d65a2ee02493907e0d648f07b43bc6eea34b5bd8f8269458432a2e27ff9f8e5d5202e490aca7462424070e22f546516347c8ff5667c67e1dc43a99f32527
SSDEEP

12288:jsyeqRFs8pNo+Wcownhq2mJvjxxsy8Fo:g2VZWcowhq2mFxxsq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4b881966780018d804c374e602b446e

Files

b4b881966780018d804c374e602b446e
.exe windows:4 windows x86 arch:x86

052d4ae7ffc46cae36d48556fc8e0fad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PageSetupDlgW
ChooseColorW
GetOpenFileNameA
GetFileTitleW

shell32

SHGetPathFromIDList
DragQueryFileA
SheGetDirA

kernel32

CompareStringW
SetEnvironmentVariableA
GetLastError
LeaveCriticalSection
GetTickCount
GetStartupInfoA
GetCurrentThread
GetTimeZoneInformation
IsValidLocale
GetStringTypeW
GetEnvironmentStringsW
SetConsoleCtrlHandler
LocalFlags
GetTimeFormatA
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetStdHandle
EnumSystemLocalesA
QueryPerformanceCounter
GetCPInfo
TlsAlloc
GetTempPathW
GetModuleHandleA
GetProcessHeap
SetUnhandledExceptionFilter
VirtualQuery
ExitProcess
TlsGetValue
GetOEMCP
LCMapStringW
FreeEnvironmentStringsA
TlsFree
WideCharToMultiByte
InterlockedIncrement
IsDebuggerPresent
GetCurrentThreadId
IsValidCodePage
TlsSetValue
GetStringTypeA
FreeLibrary
Sleep
GetProcAddress
VirtualAlloc
LCMapStringA
GetCommandLineA
GetModuleFileNameA
TerminateProcess
LoadLibraryA
HeapSize
GetCurrentProcess
InterlockedDecrement
WriteFile
RtlUnwind
HeapCreate
HeapDestroy
GetACP
HeapAlloc
FreeEnvironmentStringsW
GetLocaleInfoA
VirtualFree
CompareStringA
GetVersionExA
InterlockedExchange
GetLocaleInfoW
GetProcAddress
MultiByteToWideChar
GlobalFindAtomA
GetEnvironmentStrings
SetHandleCount
DeleteCriticalSection
HeapReAlloc
GetFileType
SetLastError
GetDateFormatA
HeapFree
ConnectNamedPipe
GetUserDefaultLCID
UnhandledExceptionFilter

user32

LoadCursorW
SendMessageTimeoutW
InsertMenuItemA
DefDlgProcW
DdeNameService
MessageBeep
GetClassInfoA
WindowFromPoint
SetCapture
RegisterClassW
IsChild
GetDCEx
SetShellWindow
ChangeClipboardChain
GetInputDesktop

gdi32

EnumEnhMetaFile
CreateICA
GetCharacterPlacementA
SetLayout
EndPath
CancelDC
GetGlyphOutline
PolyBezier
GetCharWidthA
GetWorldTransform
CreateICW
AngleArc
GetFontData
RemoveFontResourceW
CreateSolidBrush
TranslateCharsetInfo
GetCharWidthW
SetWorldTransform
LPtoDP
GetMetaRgn
AddFontResourceW
GetPixel

advapi32

GetUserNameA
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
LookupSecurityDescriptorPartsW
RegConnectRegistryA
CryptDuplicateHash
RegQueryValueW
CreateServiceW
RegDeleteKeyW
RegCloseKey

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

052d4ae7ffc46cae36d48556fc8e0fad

Headers

File Characteristics

Imports

comdlg32

shell32

kernel32

user32

gdi32

advapi32

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 9KB - Virtual size: 24KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 9KB - Virtual size: 24KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 13KB - Virtual size: 13KB