Static task: static1
Behavioral task: behavioral1
  Sample: bdd1b4f8aab749ec8e83cd9d6efab283.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: bdd1b4f8aab749ec8e83cd9d6efab283.exe
  Resource: win10v2004-20240226-en
General
Target: bdd1b4f8aab749ec8e83cd9d6efab283
Size: 395KB
MD5: bdd1b4f8aab749ec8e83cd9d6efab283
SHA1: ad0b0065bf1efe08281d5e56bc123e256b1600d3
SHA256: bdc1139bb762cab7d67cc50b31f095e6f9ba2e56d8620300382f377caed504c0
SHA512: 5949e13e3a27575139e3e1ea73706f3ed5d2e4ee719024271da2d9d596d4f1ab8f0140f8fad6f9b28687ad142b310842caa173b287bbe6f7ed6d027d31f70a5b
SSDEEP: 6144:4cgy87rkFtDxqCQ2biZRg+K6aSZibXmyGUfO3T+h8/D4+ayM3pVV2zjVCQN:4cgyMkbxqCQSxB5bbXPGUWiCE++qYQ
Malware Config
Signatures
  Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
    resource bdd1b4f8aab749ec8e83cd9d6efab283
Files
  bdd1b4f8aab749ec8e83cd9d6efab283.exe windows:4 windows x86 arch:x86
    da193c6a56de1a30749626594e5410cd
Headers
  File Characteristics:
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptVerifySignatureA
DuplicateTokenEx
RegSetValueW
RegEnumValueA
LogonUserW
RegDeleteKeyW
AbortSystemShutdownA
CryptEnumProvidersW
ReportEventW
CryptSignHashA
RegQueryInfoKeyA
CryptDeriveKey
CryptGetDefaultProviderW
CryptCreateHash
LookupPrivilegeValueW
CryptContextAddRef
GetUserNameA
CryptHashSessionKey
CryptGenKey
CryptAcquireContextA
wininet
RetrieveUrlCacheEntryStreamA
InternetCrackUrlA
InternetReadFile
FreeUrlCacheSpaceA
comdlg32
ChooseFontW
GetOpenFileNameA
ReplaceTextW
PrintDlgA
FindTextW
PageSetupDlgW
PrintDlgW
ChooseFontA
GetOpenFileNameW
LoadAlterBitmap
ChooseColorA
GetFileTitleA
GetSaveFileNameA
ReplaceTextA
GetSaveFileNameW
ChooseColorW
shell32
SHGetPathFromIDListW
SHFreeNameMappings
SHEmptyRecycleBinA
RealShellExecuteA
SHFormatDrive
InternalExtractIconListW
SHFileOperationW
ShellExecuteExW
kernel32
TerminateProcess
GetFileType
TlsFree
GetTickCount
ExitProcess
VirtualAlloc
GetCurrentProcessId
GetCPInfo
GetOEMCP
lstrcpyn
ResetEvent
GetEnvironmentStrings
GetLastError
InterlockedExchange
FreeEnvironmentStringsA
FindFirstFileExW
WideCharToMultiByte
IsBadWritePtr
GetCurrentProcess
LeaveCriticalSection
VirtualFree
GetStringTypeA
DeleteCriticalSection
LCMapStringW
HeapReAlloc
GetLogicalDriveStringsA
TlsAlloc
InitializeCriticalSection
LCMapStringA
VirtualQuery
CreateNamedPipeW
GetModuleFileNameA
GetEnvironmentStringsW
GetCurrentThread
UnhandledExceptionFilter
FreeEnvironmentStringsW
HeapCreate
GetCurrentThreadId
GetFileAttributesA
GetVersion
CopyFileA
lstrcmpiA
MultiByteToWideChar
GetCommandLineA
GetACP
GetSystemTimeAsFileTime
LoadLibraryA
IsDebuggerPresent
HeapDestroy
EnterCriticalSection
GetConsoleCP
GetCurrencyFormatW
HeapFree
GetStringTypeW
QueryPerformanceCounter
SetLastError
GetStartupInfoA
GetModuleHandleA
TlsSetValue
HeapAlloc
RtlUnwind
SetHandleCount
WriteFile
TlsGetValue
GetStdHandle
GetProcAddress
gdi32
PolyDraw
SwapBuffers
Sections
  .text  Size: 114KB - Virtual size: 113KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .data  Size: 267KB - Virtual size: 287KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc  Size: 13KB - Virtual size: 12KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ