cd643ed35e3032ef4efce68945221dd1

Sharing

Copy URL Twitter E-mail

General

Target

cd643ed35e3032ef4efce68945221dd1
Size

686KB
MD5

cd643ed35e3032ef4efce68945221dd1
SHA1

e6e1d3a5cfd504d36f5f6f9ca0ce67e124e17244
SHA256

789a9e054d1c3eef3dd338cbaf1a54e92563794d75330e8c14f75c9f837d8252
SHA512

9363df6e6950adeda2f7c55fcbd00bb91868609c81329c2afcc70d6241f55ed9726ed6839c4ea7151da1594bd39de125b7cba4b0cbeb8fae0ce49bfeca8f6423
SSDEEP

12288:QX7LEsM1Gs201nNRZ5+NOK0+ITNUUkfVUSZDSD9J3n4y9ieRXFgd:8743mORZ5+kKaNMfVUSpc73nB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd643ed35e3032ef4efce68945221dd1

Files

cd643ed35e3032ef4efce68945221dd1
.exe windows:4 windows x86 arch:x86

017b53b02719a5e58df55b10405ce064

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
InitializeCriticalSection
FreeLibrary
GetStringTypeA
GetCurrentProcessId
GetFileType
ReadFile
GetModuleFileNameA
GetModuleFileNameW
GetCurrentProcess
HeapValidate
CompareStringA
InterlockedDecrement
ConvertDefaultLocale
GetCommandLineA
MultiByteToWideChar
SetStdHandle
GetLocaleInfoA
GetProcAddress
EnterCriticalSection
SetHandleCount
CompareStringW
TlsAlloc
HeapFree
lstrlenA
GetStdHandle
GetConsoleOutputCP
HeapDestroy
RtlFillMemory
LoadLibraryA
GetOEMCP
IsValidLocale
TerminateProcess
SetLastError
GetCurrentThread
LeaveCriticalSection
OutputDebugStringW
VirtualQuery
HeapReAlloc
TlsGetValue
GetConsoleMode
GetVersionExA
VirtualFree
InterlockedIncrement
TlsFree
OpenMutexA
SetUnhandledExceptionFilter
SetFilePointer
GetConsoleCP
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentThreadId
WideCharToMultiByte
TlsSetValue
IsBadReadPtr
GetTimeZoneInformation
InterlockedExchange
ExitProcess
DebugBreak
GetTimeFormatA
FreeEnvironmentStringsW
LoadLibraryW
GetStartupInfoA
VirtualAlloc
OutputDebugStringA
LCMapStringW
UnhandledExceptionFilter
GetLastError
GetDateFormatA
RtlUnwind
SetEnvironmentVariableA
CreateSemaphoreW
LCMapStringA
CreateFileA
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetCPInfo
GetProcessHeap
IsValidCodePage
WriteConsoleW
WriteConsoleA
GetModuleHandleA
EnumSystemLocalesA
IsDebuggerPresent
RaiseException
GetUserDefaultLCID
GetLocaleInfoW
QueryPerformanceCounter
CreateMutexA
GetTickCount
DeleteCriticalSection
CloseHandle
GetStringTypeW
GetACP
FlushFileBuffers
HeapCreate
GetEnvironmentStrings
WriteFile

advapi32

RegEnumKeyW
RegDeleteKeyA
InitiateSystemShutdownW
LookupAccountSidW
CryptVerifySignatureW
RegDeleteValueW
CryptSetProvParam
RegQueryInfoKeyW
RegSaveKeyA
RegOpenKeyExW
RegCreateKeyW
RevertToSelf
RegQueryMultipleValuesA
CryptContextAddRef

wininet

FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
GopherCreateLocatorA

comctl32

InitCommonControlsEx

user32

MsgWaitForMultipleObjectsEx
PackDDElParam
SetWindowsHookA
GetScrollBarInfo
RegisterClassExA
DdeNameService
DlgDirListComboBoxW
CloseWindow
SubtractRect
EnumChildWindows
GetTitleBarInfo
RegisterClassA
SendNotifyMessageW
TileWindows
PostMessageW

Sections

.text
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

017b53b02719a5e58df55b10405ce064

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

comctl32

user32

Sections

.text Size: 452KB - Virtual size: 452KB

.rdata Size: 46KB - Virtual size: 70KB

.data Size: 179KB - Virtual size: 179KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 452KB - Virtual size: 452KB

.rdata
Size: 46KB - Virtual size: 70KB

.data
Size: 179KB - Virtual size: 179KB

.rsrc
Size: 6KB - Virtual size: 6KB