c45b4b9dc20f013a7d519707c41def5f

Sharing

Copy URL Twitter E-mail

General

Target

c45b4b9dc20f013a7d519707c41def5f
Size

293KB
MD5

c45b4b9dc20f013a7d519707c41def5f
SHA1

8f8802d9d8c9c866d3e4e4c4e706b07eefc11399
SHA256

715ef1bb3daa8ae35efea52e7febcc7af0c3ca1569fee3e0bbdfd539b3427723
SHA512

dec4806da6c98f56bd2db2c4df2ccd1373607855c31c0debb9bda7f68c9f0cd2761a316576e150e19195b903406ece766015c8c68b993a2696ecacc026612840
SSDEEP

3072:1YMreg++sxkF1aXqbzLlPAfdQln/Wuezs0l3X3DT7yu5qTbYvQixoUfDpj7qTNLy:6Mreg++V1kC/lnu/LlXH7yNgv3x57qg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c45b4b9dc20f013a7d519707c41def5f

Files

c45b4b9dc20f013a7d519707c41def5f
.exe windows:4 windows x86 arch:x86

4db8e73888aa77fd7df346fe75de2f10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHLoadInProc
ShellExecuteA
SHChangeNotify
FindExecutableA

advapi32

EnumServicesStatusW
DestroyPrivateObjectSecurity
LogonUserA
ObjectDeleteAuditAlarmW
QueryServiceStatus
RegNotifyChangeKeyValue
RegCloseKey
SetPrivateObjectSecurity
BuildSecurityDescriptorW
AllocateAndInitializeSid
QueryServiceConfigA
CopySid
ImpersonateNamedPipeClient
QueryServiceConfigW
CryptDeriveKey
NotifyBootConfigStatus
QueryServiceLockStatusW
CreateServiceA
RegRestoreKeyW
DeregisterEventSource
ObjectCloseAuditAlarmA
MakeAbsoluteSD
RegCreateKeyExW
RegQueryInfoKeyA
RegEnumValueA
CryptDestroyKey
SetKernelObjectSecurity
CryptGenRandom
SetThreadToken
RegConnectRegistryA
GetFileSecurityW
PrivilegeCheck
ImpersonateLoggedOnUser

kernel32

PurgeComm
WritePrivateProfileSectionA
lstrcatW
WriteProcessMemory
GetCommandLineW
GlobalFree
GetAtomNameA
CreateEventA
CreateMutexA
SetCurrentDirectoryA
FindNextChangeNotification
GetSystemTime
GetFileType
GetVersion
GetSystemInfo
GlobalAddAtomW
GetFileAttributesExA
GetProcessTimes
LocalReAlloc
PrepareTape
GetModuleFileNameW
CreateDirectoryA
FatalAppExitA
GlobalFindAtomW
GetConsoleMode
FreeEnvironmentStringsA
GetPrivateProfileStringA
MultiByteToWideChar
GetTickCount
GetSystemTimeAdjustment
SetEnvironmentVariableA
GetNumberFormatW
PulseEvent
GetOEMCP
LocalAlloc
DosDateTimeToFileTime
VirtualAllocEx
SetThreadLocale
ExitThread
CopyFileExW
FileTimeToLocalFileTime
IsBadWritePtr
VirtualProtect
SetConsoleOutputCP
GetOverlappedResult
GetHandleInformation
OpenFile
VirtualFree
GetCurrentDirectoryW
GetModuleHandleA
SetErrorMode
EnumDateFormatsW
GetFullPathNameA
GetTapeStatus
WriteFile
lstrlenA
VirtualAlloc
WritePrivateProfileStructA
GetStartupInfoA

version

VerFindFileA

user32

RegisterClassExW
CharLowerW
CreateWindowExW
IsCharLowerA
DefMDIChildProcW
WindowFromDC
CallNextHookEx
GetDlgItemTextW
CreateIconFromResource
RegisterClassA
GetCaretBlinkTime
GetPropW
GetScrollInfo
GetMenuCheckMarkDimensions
MessageBoxExA
CharToOemW
ReplyMessage
SetCaretPos
LoadImageW
IsCharLowerW
IsDialogMessageA

oleaut32

SafeArrayCreate

ws2_32

WSAGetLastError
WSACleanup
WSALookupServiceNextW
ioctlsocket
inet_addr
getsockname
WSAConnect
WSAGetServiceClassNameByClassIdW
WSAIsBlocking

gdi32

ExtCreatePen
PolyBezierTo
SetPixelV
CopyEnhMetaFileW
EnumFontFamiliesExW
RectVisible
CreatePalette
GetObjectW
SetTextCharacterExtra
PolyBezier
ScaleWindowExtEx
ExtSelectClipRgn
GetCharacterPlacementW
SetWorldTransform
CreatePenIndirect

ole32

CoReleaseMarshalData
CoFileTimeNow
OleIsRunning
CoGetInterfaceAndReleaseStream
OleInitialize
CoGetTreatAsClass
OleSetContainedObject

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_wcsicoll
_finite
_access
fseek
bsearch
_wspawnvp
_mbscpy
wcscat
vswprintf
_wcsnicmp
putchar
vfwprintf
wcsncpy
_mbctoupper
_mbstrlen
strtok
_mbschr
_stricmp
__p__commode
__p__fmode
__set_app_type
strchr
_except_handler3
_controlfp
_wfopen
iswspace
fgets
_mbsncmp
_endthreadex
asctime
_c_exit
_itow
strtod
_makepath
_getcwd
_wcsdup
_wpopen
sprintf
_lseek
localtime

Sections

uyuoyy
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yqguw
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

makakmq
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

suykgu
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4db8e73888aa77fd7df346fe75de2f10

Headers

File Characteristics

Imports

shell32

advapi32

kernel32

version

user32

oleaut32

ws2_32

gdi32

ole32

msvcrt

Sections

uyuoyy Size: 196KB - Virtual size: 195KB

yqguw Size: 5KB - Virtual size: 5KB

makakmq Size: 70KB - Virtual size: 70KB

suykgu Size: 20KB - Virtual size: 20KB

uyuoyy
Size: 196KB - Virtual size: 195KB

yqguw
Size: 5KB - Virtual size: 5KB

makakmq
Size: 70KB - Virtual size: 70KB

suykgu
Size: 20KB - Virtual size: 20KB