cb633a3cf1db54cf975adc3a51d423d1

Sharing

Copy URL Twitter E-mail

General

Target

cb633a3cf1db54cf975adc3a51d423d1
Size

617KB
MD5

cb633a3cf1db54cf975adc3a51d423d1
SHA1

ad1142147ec21fdc028d11749fb1013ac4426e85
SHA256

79ffe72cf0b3106b3d4a19d71fb8eb5078843444fee28569be926f797adab020
SHA512

9285a6ed4c6b1b542b4d666b3cec48cc5fa3ba160d22cdbbe45ec0d02bb050dd9c71c882ecd00adaaf984346e56adac081d3292ea511d5893029c87bfa913a7b
SSDEEP

12288:vOR5M1Z/s/zbKLHDqzTjJ1U/Y14pKjquZ8vWDrNnNQPzRs+Z:SyOfKzDqzTl1U/F8jv8OViFs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb633a3cf1db54cf975adc3a51d423d1

Files

cb633a3cf1db54cf975adc3a51d423d1
.exe windows:4 windows x86 arch:x86

462c2cb7575fcb30a16b2c030fe9c0c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegNotifyChangeKeyValue
StartServiceW
LookupSecurityDescriptorPartsA
LookupPrivilegeValueA
CryptSignHashW
RegOpenKeyA
RegEnumKeyExW
CryptSetProviderExW
CryptGenRandom
CryptDestroyHash
LogonUserA
DuplicateToken
RegConnectRegistryA
RegLoadKeyW
CryptGetDefaultProviderA
RegQueryMultipleValuesA
ReportEventA
CryptAcquireContextA
CryptVerifySignatureA
RegCloseKey
CryptGetKeyParam
RegOpenKeyW
CryptSetKeyParam
RegOpenKeyExA
RegReplaceKeyW

wininet

LoadUrlCacheContent
FtpGetFileEx
FindFirstUrlCacheContainerA
InternetGetCertByURL
InternetGetLastResponseInfoW
InternetSetDialStateW
FtpRenameFileA

gdi32

PolyDraw
GetNearestPaletteIndex
GetPaletteEntries
GetCharacterPlacementA
PlayEnhMetaFile
FloodFill
SetWindowExtEx
PolyTextOutW
ExtFloodFill
CreateRectRgn
GetCharWidth32A
CreateFontA

comdlg32

GetFileTitleW
GetFileTitleA
ReplaceTextA
PrintDlgW
PageSetupDlgA
ChooseColorA
FindTextW
LoadAlterBitmap
PrintDlgA
ChooseFontA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
ChooseFontW

kernel32

VirtualFree
WideCharToMultiByte
GetEnvironmentStringsW
LoadLibraryW
ReadConsoleInputA
SetStdHandle
GetStringTypeA
WriteConsoleW
GetCurrentThreadId
GetConsoleCP
GetCurrentProcessId
lstrcpy
GetTimeFormatA
InterlockedIncrement
GetACP
CloseHandle
LCMapStringW
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcess
TlsFree
GetFileType
MultiByteToWideChar
DuplicateHandle
FreeLibrary
GetStringTypeW
FlushFileBuffers
GetStartupInfoA
TerminateProcess
GetOEMCP
LoadResource
SetHandleCount
GetSystemTimeAsFileTime
HeapCreate
GetTickCount
FreeEnvironmentStringsW
GetEnvironmentStrings
ContinueDebugEvent
TlsSetValue
CreateFileA
GetStartupInfoW
GlobalUnfix
HeapReAlloc
IsValidLocale
lstrlenA
OutputDebugStringW
GetCPInfo
InterlockedDecrement
FindResourceExA
DeleteCriticalSection
LoadLibraryA
UnhandledExceptionFilter
IsValidCodePage
GetConsoleOutputCP
GetConsoleMode
LeaveCriticalSection
HeapSize
GetLocaleInfoW
SetLastError
RaiseException
CompareStringA
TlsGetValue
EnumSystemLocalesA
ExitProcess
GetProcessHeap
GetStdHandle
SetUnhandledExceptionFilter
HeapAlloc
DebugBreak
VirtualAlloc
InterlockedExchange
HeapFree
GetLastError
EnumDateFormatsW
GetTempFileNameW
GetModuleFileNameA
RtlUnwind
WriteConsoleA
EnterCriticalSection
IsBadReadPtr
GetVersionExA
HeapValidate
SetConsoleCtrlHandler
TlsAlloc
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentThread
GetCommandLineW
FreeEnvironmentStringsA
GetCommandLineA
VirtualQuery
HeapDestroy
GetLocaleInfoA
LCMapStringA
SetFilePointer
GetTimeZoneInformation
WriteFile
SetConsoleScreenBufferSize
CompareStringW
OutputDebugStringA
GetUserDefaultLCID
IsDebuggerPresent
GetModuleHandleA
GetModuleFileNameW
GetDateFormatA

shell32

ShellExecuteEx
CheckEscapesW
SHGetPathFromIDList
RealShellExecuteW
SHQueryRecycleBinW
DragQueryFile
ExtractAssociatedIconW
FindExecutableA
SheChangeDirA
ShellExecuteExA
SHGetPathFromIDListW
ExtractIconA
SHFormatDrive
ExtractIconExW
ExtractAssociatedIconExW
DragQueryFileW
SHGetDiskFreeSpaceA
ExtractIconEx
FindExecutableW
ExtractAssociatedIconExA
InternalExtractIconListW
ExtractIconExA
SHGetSpecialFolderLocation
ShellAboutW
FreeIconList

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

462c2cb7575fcb30a16b2c030fe9c0c9

Headers

File Characteristics

Imports

advapi32

wininet

gdi32

comdlg32

kernel32

shell32

Sections

.text Size: 293KB - Virtual size: 292KB

.data Size: 314KB - Virtual size: 313KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 293KB - Virtual size: 292KB

.data
Size: 314KB - Virtual size: 313KB

.rsrc
Size: 9KB - Virtual size: 9KB