be972a16523a14ef29948bcd81653351

Sharing

Copy URL

Twitter E-mail

General

Target

be972a16523a14ef29948bcd81653351
Size

508KB
MD5

be972a16523a14ef29948bcd81653351
SHA1

a4fb8ac8cda62f1f48b89b5d27224fe6bb65aabb
SHA256

08a78675876b7d9460c071178d51cc1d177681a09e11e447148e91dcd9904e9a
SHA512

fea7b9eb76af2cd98695ddb7ba2371f7d7157c2c6bdafee260f30c3508510f75477565ca1d5ae1bbb166ff3b3751c5ad65faef2fcecd50070fb589209105ae2f
SSDEEP

12288:JzicFli8ai/3KQ1CTVQQWkmnFSbYJbMU8brrqLLeQ:TDi8ai/3KQ18QQWkXbYJbx8bvSLj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be972a16523a14ef29948bcd81653351

Files

be972a16523a14ef29948bcd81653351
.exe windows:4 windows x86 arch:x86

2c94135c603f352df14df6233031cd99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
GetNamedPipeHandleStateA
RtlUnwind
VirtualQuery
TerminateProcess
SetHandleCount
ExitProcess
GetEnvironmentStrings
VirtualAlloc
DeleteCriticalSection
GetStartupInfoA
GetTimeZoneInformation
WriteProfileSectionW
FreeEnvironmentStringsA
GetCommandLineW
GetLocaleInfoA
GetStartupInfoW
WriteProfileSectionA
GetProcAddress
HeapFree
TlsAlloc
GetStringTypeA
FoldStringW
LCMapStringW
GlobalDeleteAtom
OpenMutexA
GetEnvironmentStringsW
GetStdHandle
EnumCalendarInfoExA
HeapDestroy
HeapSize
FileTimeToSystemTime
GetPrivateProfileStringA
MultiByteToWideChar
GetSystemTimeAsFileTime
GetModuleFileNameW
GetCurrentProcessId
GetStringTypeW
VirtualProtect
GetLocaleInfoW
SetLastError
UnhandledExceptionFilter
LeaveCriticalSection
InterlockedExchange
FreeEnvironmentStringsW
GetVersionExA
CreateMutexA
EnterCriticalSection
GetTimeFormatA
TlsSetValue
TlsFree
ReadFile
InitializeCriticalSection
WritePrivateProfileStringA
CloseHandle
CompareStringW
GetModuleFileNameA
TerminateThread
GetDateFormatA
HeapReAlloc
IsValidCodePage
HeapAlloc
SetThreadIdealProcessor
SetEndOfFile
SetStdHandle
LocalFlags
GetSystemInfo
SetFilePointer
HeapCreate
InterlockedIncrement
GetFileType
LCMapStringA
GetOEMCP
LoadLibraryA
GetCurrentProcess
IsBadWritePtr
GetCurrentThread
WriteFile
MoveFileA
GetCommandLineA
GetLastError
GetTickCount
GetModuleHandleA
TlsGetValue
lstrlenA
GetEnvironmentVariableW
QueryPerformanceCounter
EnumSystemLocalesA
GetCPInfo
CompareStringA
IsValidLocale
GetCurrentThreadId
GetProfileStringA
GetUserDefaultLCID
GetACP
VirtualFree
WideCharToMultiByte
FlushFileBuffers
lstrcmpi

comctl32

InitCommonControlsEx

wininet

HttpSendRequestExW

user32

RegisterClassExA
GetMenuDefaultItem
GetWindowTextLengthA
GetProcessWindowStation
GetCaretPos
wsprintfW
CharToOemA
LoadMenuIndirectW
RegisterClassA
LookupIconIdFromDirectoryEx
IsCharAlphaNumericW
GetUserObjectSecurity
CharLowerBuffW

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c94135c603f352df14df6233031cd99

Headers

File Characteristics

Imports

kernel32

comctl32

wininet

user32

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 8KB - Virtual size: 38KB

.data Size: 313KB - Virtual size: 313KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 8KB - Virtual size: 38KB

.data
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 9KB - Virtual size: 8KB