cd88f75c25fd294b23d90369aea6a577

Sharing

Copy URL Twitter E-mail

General

Target

cd88f75c25fd294b23d90369aea6a577
Size

508KB
MD5

cd88f75c25fd294b23d90369aea6a577
SHA1

e3bd78f8a856eb2964ef4e64c64210e5c2784541
SHA256

85e5b969888e5c89293288da0d6de23e8c9fc3fdb3f78e5f5d34ee55b7cb5910
SHA512

9d74d2dd7ff15bda96715c405bc145400503f86043a375cd527380a78fc0441a1816359161aa6df04c91ce2799db6d39880318bb1c79f61ec80e20a4bfbf181b
SSDEEP

12288:8a4aXiZ7fGhUNzqjAy1RF0GNMWyiVCK/mcFpos2o1dc:8a4iMqUNzqjAgyLlpK7Ysb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd88f75c25fd294b23d90369aea6a577

Files

cd88f75c25fd294b23d90369aea6a577
.exe windows:4 windows x86 arch:x86

de15474bfa3cd6bd34dcf1ed4d43884b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpCreateDirectoryW

comdlg32

ChooseColorA
ChooseFontW

user32

RegisterClipboardFormatA
GetKeyState
GetWindowTextA
EqualRect
CreateWindowStationW
WindowFromDC
RemovePropA
DestroyCursor
DdeUninitialize
LoadCursorA
GetMessagePos
DrawIconEx
ChangeDisplaySettingsExW
MapVirtualKeyExW
DlgDirSelectComboBoxExW
EnumDisplaySettingsW
RegisterClassA
PackDDElParam
GetMessageTime
EnumPropsA
GetQueueStatus
TranslateAccelerator
RegisterClassExA

comctl32

InitCommonControlsEx

kernel32

SystemTimeToTzSpecificLocalTime
VirtualProtect
WriteFile
IsBadWritePtr
EnumSystemLocalesA
DeleteCriticalSection
CreateMutexA
GetEnvironmentStrings
QueryPerformanceCounter
HeapAlloc
GetLocaleInfoA
LCMapStringW
GetLocaleInfoW
SetLastError
GetStringTypeW
InitializeCriticalSection
GetFileType
MultiByteToWideChar
SetHandleCount
GetProcAddress
FreeEnvironmentStringsA
CloseHandle
FreeEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetDateFormatA
VirtualAlloc
LCMapStringA
FlushFileBuffers
GetLastError
RtlUnwind
SetStdHandle
GetVersionExA
TlsAlloc
TlsGetValue
VirtualQuery
LocalCompact
GetCommandLineW
TerminateProcess
GetStringTypeA
CompareStringA
GetModuleFileNameA
GetCurrentProcess
SetFilePointer
UnhandledExceptionFilter
ExitProcess
GetModuleHandleA
CompareStringW
EnterCriticalSection
TlsSetValue
InterlockedExchange
GetCommandLineA
GetStartupInfoA
GetOEMCP
GetStartupInfoW
GetCurrentThread
GetUserDefaultLCID
HeapCreate
GetModuleFileNameW
GetTempFileNameW
LoadLibraryA
LeaveCriticalSection
GetTimeZoneInformation
HeapDestroy
VirtualFree
WideCharToMultiByte
HeapSize
GetTickCount
GetTimeFormatA
IsValidCodePage
HeapReAlloc
OpenMutexA
SetEnvironmentVariableA
ReadFile
GetACP
GetStdHandle
TlsFree
GetEnvironmentStringsW
GetSystemInfo
IsValidLocale
GetCPInfo
GetCurrentThreadId

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de15474bfa3cd6bd34dcf1ed4d43884b

Headers

File Characteristics

Imports

wininet

comdlg32

user32

comctl32

kernel32

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 8KB - Virtual size: 25KB

.data Size: 311KB - Virtual size: 311KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 8KB - Virtual size: 25KB

.data
Size: 311KB - Virtual size: 311KB

.rsrc
Size: 7KB - Virtual size: 6KB