b4ba98739bd67dcf0691951fa93adab4

Sharing

Copy URL

Twitter E-mail

General

Target

b4ba98739bd67dcf0691951fa93adab4
Size

41KB
MD5

b4ba98739bd67dcf0691951fa93adab4
SHA1

e30d49e8db7b484aacbf9babe712d127753f2703
SHA256

6696b416b5b1ac87253efc5bcf5f953123e6a8bf480c1b6bd065b8add870c445
SHA512

dbb89c932ac444ed9a51d9e467976b8dda679a94e708897f55f32d68a1387f7df7b7ec716c405cfeb104983090cbb518b25ccc0c769a17e491797b18bc3952ca
SSDEEP

768:cfaEMwMptrp2mubZ7bZEMqs7rROajvICREZ4MmNq3mfZ2cbL+d4NMg:cfanfTrgbZ7bZEMf7rVjvIZ28cbGg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4ba98739bd67dcf0691951fa93adab4

Files

b4ba98739bd67dcf0691951fa93adab4
.exe windows:4 windows x86 arch:x86

19aeb6e5cce988c464193a0d2bb9bf24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

kernel32

lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
WriteFile
lstrlenA
lstrlenW
WideCharToMultiByte
UnmapViewOfFile
Sleep
SetFilePointer
RtlMoveMemory
RemoveDirectoryA
ReadFile
CloseHandle
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MoveFileA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetStartupInfoA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateProcessA
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringA
lstrcpynA

user32

wsprintfA
ReleaseDC
GetDC

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SysAllocString
SysFreeString

advapi32

OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
AdjustTokenPrivileges
RegCreateKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shlwapi

StrStrIA
StrRChrA
StrCmpNA
StrChrA

shell32

ShellExecuteA

wsock32

htonl
getsockname
gethostname
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
htons
WSAStartup
WSACleanup
inet_addr
listen
socket
shutdown
send
select
recv

ws2_32

WSAIoctl
WSASocketA

rasapi32

RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA

gdi32

GetDeviceCaps

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FCryptor
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19aeb6e5cce988c464193a0d2bb9bf24

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

ws2_32

rasapi32

gdi32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 182KB

.rsrc Size: 1024B - Virtual size: 1024B

FCryptor Size: 512B - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 182KB

.rsrc
Size: 1024B - Virtual size: 1024B

FCryptor
Size: 512B - Virtual size: 4KB