Static task: static1
Behavioral task: behavioral1
Sample: b943f14ce0c6fb248040d9691a9f5542.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b943f14ce0c6fb248040d9691a9f5542.exe
Resource: win10v2004-20240226-en
General
Target: b943f14ce0c6fb248040d9691a9f5542
Size: 543KB
MD5: b943f14ce0c6fb248040d9691a9f5542
SHA1: 0770b96eed6cefeb2701a0f53b0c52f116fbce03
SHA256: 38ebcfab3aac6e7d3d2f2651d46eca07aabe17a6e70760e3c6abc3ced922c09d
SHA512: ad61e2d2c40681681f5d7686049ff75962694c1cfceb79be82f0c59b2a493b16d705eecf4cdecbee2b3ef503e827b768d8825b2c44778491034782d4a6c6ba0a
SSDEEP: 12288:4WyeS1pWSSgwhdqbZivEC1pxJFheObEI53oT8c7MW0DAB:4uS1UgwhsbspLdheObf3oYc7eo
Malware Config
Signatures
Unsigned PE (1 IoC)
The file carries no Authenticode signature (the security data directory, which is where a signature would be referenced from, is empty). On its own this is a weak indicator, since plenty of legitimate tooling also ships unsigned, but it removes one trust anchor an analyst could otherwise have verified.
resource b943f14ce0c6fb248040d9691a9f5542
Files
b943f14ce0c6fb248040d9691a9f5542.exe (windows:4 windows x86 arch:x86)
61aaa8abf0d6d2e6bee76f1e565b109e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_RELOCS_STRIPPED means the image has no base relocations and must be mapped at its preferred image base, so ASLR cannot rebase it; addresses seen in the binary are the addresses it will run at, which matters for both reversing and memory-based detections.
Imports (grouped by DLL; an import-table entry shows the function is linked in, not that it is reached at runtime, so confirm actual use against the behavioral tasks)
wininet
GopherFindFirstFileW
FtpFindFirstFileW
FtpRenameFileW
FtpOpenFileW
DeleteUrlCacheEntry
kernel32
QueryPerformanceCounter
GetDateFormatA
IsValidCodePage
GetFileType
GetCurrentThread
MultiByteToWideChar
CompareStringW
GetModuleHandleA
SetHandleCount
IsValidLocale
TerminateProcess
VirtualQuery
GetLocaleInfoW
GetOEMCP
CompareStringA
HeapCreate
DebugActiveProcess
TlsFree
GetProcAddress
HeapSize
GetStringTypeA
SetEnvironmentVariableA
GetTimeFormatA
GetACP
GetEnvironmentStringsW
WideCharToMultiByte
ReadFile
GetCurrentThreadId
VirtualFree
VirtualAllocEx
WaitNamedPipeW
InitializeCriticalSection
GetSystemTimeAsFileTime
VirtualProtect
GetStartupInfoA
ExitProcess
SetStdHandle
TlsGetValue
GetStartupInfoW
IsBadWritePtr
HeapAlloc
GetLastError
CloseHandle
GetTickCount
LeaveCriticalSection
SetLastError
EnumSystemLocalesA
CreateMutexA
RtlUnwind
GetLongPathNameA
LoadLibraryA
TlsAlloc
LCMapStringW
GetVersionExA
GetStringTypeW
GetFullPathNameA
GetEnvironmentStrings
TlsSetValue
EnterCriticalSection
UnhandledExceptionFilter
GlobalReAlloc
lstrlenA
GetSystemInfo
HeapReAlloc
GetCurrentProcessId
LCMapStringA
FlushFileBuffers
GetUserDefaultLCID
WriteFile
GetStdHandle
GetCommandLineW
DeleteCriticalSection
GetCPInfo
GetCurrentProcess
GetCommandLineA
GetConsoleOutputCP
OpenMutexA
FreeEnvironmentStringsW
lstrcpynW
HeapDestroy
GetModuleFileNameA
GetLocaleInfoA
DeleteFileW
GetTimeZoneInformation
WriteProfileSectionW
lstrlenW
FreeEnvironmentStringsA
SystemTimeToTzSpecificLocalTime
SetFilePointer
VirtualAlloc
GetModuleFileNameW
HeapFree
InterlockedExchange
LoadModule
WritePrivateProfileStructW
comdlg32
ChooseColorW
GetOpenFileNameA
gdi32
ExtSelectClipRgn
CreateICW
IntersectClipRect
CreateRectRgnIndirect
PlgBlt
CombineTransform
RestoreDC
EnumFontsA
EnumFontFamiliesExW
CreatePolyPolygonRgn
SetPixel
EnumICMProfilesA
GetBitmapBits
FixBrushOrgEx
SetSystemPaletteUse
comctl32
ImageList_Remove
ImageList_GetFlags
ImageList_Copy
InitCommonControlsEx
user32
RegisterClipboardFormatA
SetCaretBlinkTime
RegisterClassExA
CheckDlgButton
ShowWindow
MessageBoxW
CallMsgFilterW
RegisterClassA
DdeKeepStringHandle
CreateWindowExW
TrackPopupMenu
advapi32
CryptSetKeyParam
RegRestoreKeyA
RegRestoreKeyW
CryptVerifySignatureW
InitiateSystemShutdownW
RegLoadKeyA
CryptSignHashA
RegDeleteValueA
RegLoadKeyW
CryptSetProviderExW
DuplicateToken
StartServiceW
CryptGenRandom
LogonUserW
CryptSetProviderExA
CryptAcquireContextA
LookupPrivilegeValueA
CryptGetProvParam
CryptVerifySignatureA
LookupAccountNameA
CryptSignHashW
RegCloseKey
RegQueryValueExA
Sections
.text Size: 355KB - Virtual size: 354KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
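The three static facts the report draws on above (the "Unsigned PE" signature, the File Characteristics list and the section flags) all come from a few fixed-offset PE header fields. The following is an added example, not code from the report or from the sandbox vendor: a standard-library-only reader that decodes those fields, plus a constructed minimal PE32 image (not the sample on this page) whose characteristics and section flags mirror the ones reported, so the script runs offline. The dummy WIN_CERTIFICATE blob and the `build_sample_pe` helper are assumptions for illustration.

```python
"""Read COFF characteristics, section flags and Authenticode presence
straight from PE headers, using only the standard library."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset (not RVA) and size of WIN_CERTIFICATE


def flag_names(value, table):
    """Decode a bitmask into the names the report prints, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return machine, characteristics, sections and Authenticode presence (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase/stack/heap fields shift both by 20
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    sec_off, sec_size = 0, 0
    if n_dirs > SECURITY_DIR:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    sections, table = [], opt + opt_size
    for i in range(n_sections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "raw_size": rawsize,
                         "virtual_size": vsize, "flags": flag_names(flags, SECTION_FLAGS)})
    return {
        "machine": machine,
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "sections": sections,
        # A signature is only reachable through this directory entry; an empty
        # entry is exactly what an "Unsigned PE" check keys on.
        "authenticode_present": sec_off != 0 and sec_size != 0,
    }


def build_sample_pe(signed):
    """Constructed minimal PE32 (assumption: not the page's sample) that mirrors
    the reported characteristics and section flags; `signed` appends a dummy
    WIN_CERTIFICATE and points the security directory at it."""
    sections = [(b".text", 0x20 | 0x20000000 | 0x40000000),
                (b".rdata", 0x40 | 0x40000000),
                (b".data", 0x40 | 0x40000000 | 0x80000000),
                (b".rsrc", 0x40 | 0x40000000)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)                                         # PE32 header + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    header_len = len(dos) + len(coff) + len(opt) + 40 * len(sections)
    blob = b""
    if signed:  # dwLength, wRevision=0x200, wCertificateType=PKCS_SIGNED_DATA, then padding
        blob = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, header_len, len(blob))
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200, 0, 0, 0, 0, 0, f)
                     for i, (n, f) in enumerate(sections))
    return dos + coff + bytes(opt) + table + blob


if __name__ == "__main__":
    for signed in (False, True):
        info = parse_pe(build_sample_pe(signed))
        print("authenticode_present =", info["authenticode_present"])
        print("characteristics =", info["characteristics"])
        for s in info["sections"]:
            print(s["name"], s["flags"])
```

Two caveats when using this on real files. Presence of a security directory only says a certificate table exists; whether the signature is valid, chains to a trusted root and covers the file's current hash has to be checked with a verifier such as `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`. And because the entry holds a raw file offset rather than an RVA, the certificate table lives in the overlay past the last section, which is also where appended payloads end up, so compare the directory's offset and size against the file length before trusting either.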