cd4faac9eec96d8fc1f5a6b17aa9400d

Sharing

Copy URL

Twitter E-mail

General

Target

cd4faac9eec96d8fc1f5a6b17aa9400d
Size

484KB
MD5

cd4faac9eec96d8fc1f5a6b17aa9400d
SHA1

cbc149c8a0e27a3b8cdeef5bf6e90605e1ef8535
SHA256

dbc8489848e12a1c801e70e382c6014c49f15d5755c2ad1183a80f000227d61d
SHA512

9e9f5307c4ddb5c27492212d85f66d69300b9cff0757b436efcd0220744f8d4f531000ff6413de053e5677b7c7817ef334a4e89b1279553cfc2242195a3c4c42
SSDEEP

12288:sAL7S5fpo+9jnVfJAcTBmwd5hhu4E0ueE:dLG5DJ4Umwd5hE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd4faac9eec96d8fc1f5a6b17aa9400d

Files

cd4faac9eec96d8fc1f5a6b17aa9400d
.exe windows:4 windows x86 arch:x86

a4ab861a7d8e1f0a6442157bfa07c0c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\bzsvdphwme\

Imports

comctl32

InitCommonControlsEx

kernel32

ReadConsoleOutputCharacterW
GetFileType
VirtualProtect
GetCurrentThreadId
TlsFree
FreeEnvironmentStringsW
VirtualAlloc
ExitProcess
GetEnvironmentStringsW
GetOEMCP
SetHandleCount
GetCurrentProcessId
GetTimeFormatA
GetModuleHandleA
WriteFile
ReadFile
HeapReAlloc
MultiByteToWideChar
IsBadWritePtr
TlsGetValue
DeleteCriticalSection
LCMapStringW
HeapSize
HeapAlloc
FreeEnvironmentStringsA
GetModuleFileNameA
GetLocaleInfoW
CreateMutexA
EnumSystemLocalesA
GetCommandLineW
WaitCommEvent
GetStartupInfoW
CreateEventW
TlsSetValue
LeaveCriticalSection
IsValidCodePage
SetEnvironmentVariableA
RtlUnwind
SetFilePointer
GetDateFormatA
FlushFileBuffers
GetCurrentThread
GetTimeZoneInformation
UnhandledExceptionFilter
GetCommandLineA
LoadLibraryA
GetLocaleInfoA
GetStartupInfoA
LCMapStringA
InterlockedExchange
TerminateProcess
GetStdHandle
WideCharToMultiByte
GetCPInfo
CloseHandle
GetEnvironmentStrings
HeapDestroy
GetProfileSectionA
IsValidLocale
GetModuleFileNameW
GetCurrentProcess
GetStringTypeW
SetStdHandle
GetFileAttributesA
HeapFree
GetSystemTimeAsFileTime
WriteProfileStringA
TlsAlloc
GetSystemDirectoryW
GetACP
GetTickCount
GetProcAddress
CompareStringW
InitializeCriticalSection
VirtualFree
EnterCriticalSection
VirtualQuery
HeapCreate
GetUserDefaultLCID
GetLastError
GetStringTypeA
GetSystemTimeAdjustment
CompareStringA
GetVersionExA
OpenMutexA
GetSystemInfo
QueryPerformanceCounter
SetLastError

wininet

InternetSetOptionExA
InternetConnectW
InternetSetFilePointer

advapi32

RegQueryValueExA
RegSetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyA
RegSaveKeyW
RegOpenKeyExA
CryptGenKey
CryptGetProvParam
LookupAccountSidA
CryptVerifySignatureA
StartServiceW
CryptAcquireContextA

user32

CallWindowProcW
RegisterClassA
ClipCursor
SetWindowTextA
DdeQueryNextServer
GetMessageA
RegisterClipboardFormatA
GetProcessWindowStation
TrackMouseEvent
RegisterClassExA
IsCharAlphaNumericA

gdi32

SetICMProfileW
OffsetViewportOrgEx

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4ab861a7d8e1f0a6442157bfa07c0c7

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

wininet

advapi32

user32

gdi32

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 14KB - Virtual size: 28KB

.data Size: 104KB - Virtual size: 103KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 14KB - Virtual size: 28KB

.data
Size: 104KB - Virtual size: 103KB

.rsrc
Size: 12KB - Virtual size: 12KB