bd48c52933444f6d7accd9fcecd5fbf1

Sharing

Copy URL Twitter E-mail

General

Target

bd48c52933444f6d7accd9fcecd5fbf1
Size

56KB
MD5

bd48c52933444f6d7accd9fcecd5fbf1
SHA1

7467f7360f840816a30a847c7f626472685a4827
SHA256

a1885f80585fc172e62430d4f92677844f8f510ba3688a3d823d107e59a11952
SHA512

42803c0c44fbc846006b8c170b2ba7402887b91ba31e6196d12b30fb9c775c1ba4ffc0c1aa909cb43cba19cce1deb0015950504c52b041f511f2ac5201702f24
SSDEEP

1536:WKU5Snwxy7y4JsSgQPPyGLsHrpJ+D5QBMP:WKnw++NSupQDCyP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd48c52933444f6d7accd9fcecd5fbf1

Files

bd48c52933444f6d7accd9fcecd5fbf1
.exe windows:4 windows x86 arch:x86

d6c45c1ab055352452b79e55e1948b48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup

advapi32

RegDeleteValueA
GetUserNameA
LookupAccountSidA
OpenProcessToken
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance

shlwapi

PathFileExistsA

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
calloc
memcpy
_strnicmp
_ftol
malloc
strstr
memset
strchr
fwrite
fopen
fread
fclose
strcmp
toupper
rename
strrchr
strlen
strcpy
sprintf
strcat
_EH_prolog
__CxxFrameHandler
_controlfp
free
exit

kernel32

GetFileTime
GetModuleHandleA
GetStartupInfoA
SetFileTime
OpenProcess
GetCurrentProcess
DuplicateHandle
GetLastError
GetSystemDefaultLangID
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
GetPriorityClass
Process32Next
LocalFree
GetComputerNameA
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
GetFileSize
GetSystemTime
SystemTimeToFileTime
CompareFileTime
MultiByteToWideChar
SetCurrentDirectoryA
CreateProcessA
FileTimeToSystemTime
GetTickCount
FindFirstFileA
CreateDirectoryA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
OpenMutexA
CloseHandle
SetEvent
FreeLibrary
WaitForSingleObject
Sleep
CreateMutexA
SetFileAttributesA
lstrcmpiA
CopyFileA
GetFileAttributesA
ExitProcess
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
CreateEventA
CreateThread

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6c45c1ab055352452b79e55e1948b48

Headers

File Characteristics

Imports

ws2_32

advapi32

mpr

shell32

ole32

shlwapi

msvcrt

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 27KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 27KB