c324a8f918f9726794eadcb18d7b29a4

Sharing

Copy URL

Twitter E-mail

General

Target

c324a8f918f9726794eadcb18d7b29a4
Size

434KB
MD5

c324a8f918f9726794eadcb18d7b29a4
SHA1

a05b59f51d1889a6803f4b9462ee5ccc17b4c9a3
SHA256

bdc22b95a57a25683bb9a49aaa49dd8fe0619c3a08b16b6a6dcbeba7546a9476
SHA512

b6c83a0389c6223d25ba6149d8a65f3297a0cdc5f688e431ecc0d22523a885837cd4de9ed88b86c78521b6a197c35ec816877dc2fdf54af86dcc702b9178b048
SSDEEP

6144:WXM+k6HPq1Jx9lYBrY/D5mkDMcWiOaIrdQvDNAOw9Cflwthz5Yql45K5oqE:9uPOYr+xhPIZGw9CtEp5YLOo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c324a8f918f9726794eadcb18d7b29a4

Files

c324a8f918f9726794eadcb18d7b29a4
.exe windows:4 windows x86 arch:x86

0e69b4b586f1b583098e8aaedd2858b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
InitiateSystemShutdownA
RegLoadKeyA
RegSetValueW
RegQueryValueExW
RegSetValueA
RegCreateKeyA
ReportEventA
CryptEnumProvidersA
RegDeleteValueA
LogonUserW

user32

EnableWindow
GetMenuItemInfoW
SetTimer
CreateWindowStationW
CharToOemBuffW
IsDlgButtonChecked
GetOpenClipboardWindow

comdlg32

ChooseFontA
ChooseFontW
LoadAlterBitmap
GetOpenFileNameW
FindTextA
GetSaveFileNameW
FindTextW
GetFileTitleA
ChooseColorW
PrintDlgW
ChooseColorA
ReplaceTextA
PageSetupDlgA
GetOpenFileNameA
PageSetupDlgW

shell32

SHGetDiskFreeSpaceA
DragQueryFileW

kernel32

GetOEMCP
HeapFree
LoadLibraryA
CreateToolhelp32Snapshot
FreeEnvironmentStringsW
LCMapStringA
SetHandleCount
SetLastError
TlsFree
GetCommandLineW
GetStartupInfoA
HeapAlloc
TlsSetValue
HeapReAlloc
GetStringTypeA
GetStdHandle
ReadConsoleInputW
GetTickCount
UnhandledExceptionFilter
WriteFile
InterlockedExchange
QueryPerformanceCounter
VirtualFree
EnterCriticalSection
GetEnvironmentStrings
TerminateProcess
GetCPInfo
FormatMessageW
LeaveCriticalSection
TlsGetValue
GetCurrentThread
GetProcAddress
GetVersion
GetModuleHandleA
GetCurrentThreadId
FreeEnvironmentStringsA
HeapCreate
GetCurrentProcess
MultiByteToWideChar
HeapDestroy
GetCommandLineA
GetDiskFreeSpaceExW
GetLastError
IsBadWritePtr
VirtualAlloc
GetACP
InitializeCriticalSection
ExitProcess
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetFileType
WideCharToMultiByte
GetCurrentProcessId
VirtualQuery
TlsAlloc
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringW
GetEnvironmentStringsW

wininet

InternetOpenA
GopherFindFirstFileA
InternetGetCertByURL
DeleteIE3Cache
ShowCertificate
DeleteUrlCacheContainerA
SetUrlCacheEntryGroup
InternetSecurityProtocolToStringA
RetrieveUrlCacheEntryFileA
InternetSetOptionExW
UnlockUrlCacheEntryStream
FtpGetCurrentDirectoryW
GopherGetLocatorTypeA
FindFirstUrlCacheEntryExA
DeleteUrlCacheContainerW
IsUrlCacheEntryExpiredA
FtpRemoveDirectoryA
GetUrlCacheEntryInfoW
DeleteUrlCacheEntryW
SetUrlCacheConfigInfoW
CreateUrlCacheEntryA
UnlockUrlCacheEntryFileW
ReadUrlCacheEntryStream
InternetConfirmZoneCrossingA
FindNextUrlCacheEntryW

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e69b4b586f1b583098e8aaedd2858b4

Headers

File Characteristics

Imports

advapi32

user32

comdlg32

shell32

kernel32

wininet

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 304KB - Virtual size: 304KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 304KB - Virtual size: 304KB

.rsrc
Size: 11KB - Virtual size: 10KB