bff20e1dca465e395b2497ac834816e9

Sharing

Copy URL Twitter E-mail

General

Target

bff20e1dca465e395b2497ac834816e9
Size

283KB
MD5

bff20e1dca465e395b2497ac834816e9
SHA1

67b154d6cccae0e9f017c4566124a7e67bf47664
SHA256

86338cc74629d3734fe6c8f99e002be0f7cce74d1c20ac1e6eacf0841f87247e
SHA512

9d827d68c115b0082ce9cce588816a785edd7a31f5638e6613dbed535637c308091134aa05f0f7b2d445010b3f8008a010387abe1877f1fe84c2bc4709abfcf8
SSDEEP

6144:RF6QEI7buV7CYs0D7Zg/bHJcSu7t/PGHfH:RMsyV5u/7Ji7JP+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bff20e1dca465e395b2497ac834816e9

Files

bff20e1dca465e395b2497ac834816e9
.exe windows:4 windows x86 arch:x86

a5ea212c9b7446efc0f9d280533dabd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDecrypt
CryptSetHashParam
AbortSystemShutdownW
CryptGetHashParam
RegEnumKeyA
CryptSetProviderExA
CryptSignHashW
CryptSetKeyParam
CryptEncrypt
CryptSetProviderExW
RegQueryValueExW
CreateServiceA
CryptSetProviderA
CryptSetProvParam

wininet

InternetGoOnlineA
InternetGoOnline
SetUrlCacheEntryGroup
FreeUrlCacheSpaceA
RunOnceUrlCache
InternetFindNextFileA
FtpGetFileSize
FindFirstUrlCacheEntryW
FtpGetFileEx
GopherOpenFileW
FtpFindFirstFileA
InternetWriteFileExA
InternetReadFileExA
FindNextUrlCacheEntryW
FreeUrlCacheSpaceW
InternetTimeFromSystemTimeA
SetUrlCacheConfigInfoA
InternetFortezzaCommand
IsHostInProxyBypassList
FtpCommandW

user32

WinHelpA
PackDDElParam
MsgWaitForMultipleObjects
GetNextDlgTabItem
WINNLSEnableIME
CreateIcon
GetClassInfoA
RegisterDeviceNotificationA

comdlg32

ChooseFontA
ChooseColorA
GetSaveFileNameA
PageSetupDlgW

kernel32

SetLastError
VirtualQueryEx
GetDateFormatA
VirtualAlloc
GetVersionExA
IsDebuggerPresent
MultiByteToWideChar
GetCommandLineA
InterlockedExchange
GetTimeZoneInformation
LCMapStringA
UnhandledExceptionFilter
CompareStringA
GetModuleHandleA
GetLocaleInfoA
VirtualQuery
IsValidLocale
TlsSetValue
GetProcAddress
GetLocaleInfoW
InterlockedIncrement
GetFileType
GetEnvironmentStringsW
HeapReAlloc
TlsAlloc
LCMapStringW
FreeEnvironmentStringsA
GetOEMCP
GetEnvironmentStrings
HeapFree
GetSystemTimeAsFileTime
GetLastError
EnterCriticalSection
SetEnvironmentVariableA
GetStdHandle
LeaveCriticalSection
SetHandleCount
FreeEnvironmentStringsW
FreeLibrary
SetConsoleCtrlHandler
WideCharToMultiByte
GetACP
GetStringTypeA
EnumSystemLocalesA
SetUnhandledExceptionFilter
TlsFree
GetStringTypeW
HeapSize
Sleep
DeleteCriticalSection
GetCurrentProcessId
TlsGetValue
LoadLibraryA
TerminateThread
CompareStringW
GetTickCount
QueryPerformanceCounter
WriteFile
GetPrivateProfileStringW
TerminateProcess
GetPriorityClass
VirtualFree
GetModuleFileNameW
SleepEx
GetCurrentThreadId
InitializeCriticalSection
GetCurrentThread
GetCurrentProcess
InterlockedDecrement
RtlUnwind
GetStartupInfoW
HeapAlloc
GetCommandLineW
GetCPInfo
GetProcessHeap
GetTimeFormatA
HeapCreate
GetModuleFileNameA
HeapDestroy
ExitProcess
GetUserDefaultLCID
GetStartupInfoA
CopyFileA
IsValidCodePage

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5ea212c9b7446efc0f9d280533dabd6

Headers

File Characteristics

Imports

advapi32

wininet

user32

comdlg32

kernel32

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 140KB - Virtual size: 171KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 140KB - Virtual size: 171KB

.rsrc
Size: 14KB - Virtual size: 13KB