cd94f13ad38fd88152fbba814aa2a74e

Sharing

Copy URL

Twitter E-mail

General

Target

cd94f13ad38fd88152fbba814aa2a74e
Size

524KB
MD5

cd94f13ad38fd88152fbba814aa2a74e
SHA1

f03642809058870eee3a9617f741fe81c18a8a81
SHA256

ffcd6c433d7367a79542bb38623fda50f7e4a9ce92e7bef3795e75a94c70efaf
SHA512

715465722a5d879125f419515630f879df3cd148c743fae24ecc617dfbee029a95b974c9a6cd95dc554cbcbba6373c3bc547ad47d6ebd1deaa42141b2cda9863
SSDEEP

12288:Nz99BMQErITlFWC3Y5uWKnF76nxrXdDh3dFkUW102tNk:dBMNrITv3Y5BKF76xrXdFkDK2t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd94f13ad38fd88152fbba814aa2a74e

Files

cd94f13ad38fd88152fbba814aa2a74e
.exe windows:4 windows x86 arch:x86

bfc90488eb49c2a42d41097131821920

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetCaretBlinkTime
WindowFromPoint
RegisterClassExA
GetClientRect
ExcludeUpdateRgn
MessageBoxIndirectA
GetKeyboardType
RegisterClassA
GetCursorPos
LoadCursorW
DrawFocusRect
PostThreadMessageA
SendInput

kernel32

CreateMutexA
GetTimeZoneInformation
DeleteCriticalSection
GetCommandLineA
GetCurrentProcess
OpenMutexA
LCMapStringA
MultiByteToWideChar
GetTickCount
ExitProcess
IsBadWritePtr
GetStartupInfoA
GetCPInfo
VirtualQuery
VirtualProtect
HeapFree
GetStdHandle
VirtualAlloc
GetProcAddress
GetOEMCP
GetModuleFileNameW
InterlockedExchange
GetLocaleInfoW
HeapReAlloc
RtlZeroMemory
GetStringTypeA
DebugBreak
GetCurrentThread
SetStdHandle
IsBadReadPtr
HeapCreate
GetEnvironmentStrings
FreeEnvironmentStringsW
InterlockedDecrement
LCMapStringW
GetLastError
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLocaleInfoA
OutputDebugStringA
GetACP
InitializeCriticalSection
GetVersionExA
TlsFree
GetStartupInfoW
GetUserDefaultLCID
RtlUnwind
FreeEnvironmentStringsA
SetEnvironmentVariableA
GetCurrentThreadId
EnterCriticalSection
ReadFile
InterlockedIncrement
GetModuleHandleA
CompareStringA
SetFilePointer
HeapDestroy
GetCurrentProcessId
GetTimeFormatA
HeapAlloc
LeaveCriticalSection
HeapValidate
GetStringTypeW
WideCharToMultiByte
IsValidCodePage
TerminateProcess
SetLastError
EnumSystemLocalesA
LoadLibraryA
GetFileType
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetCommandLineW
QueryPerformanceCounter
GetDateFormatA
VirtualFree
CloseHandle
SetHandleCount
WriteFile
IsValidLocale
FlushFileBuffers
CompareStringW
TlsSetValue
GetSystemInfo
GetModuleFileNameA

comdlg32

PageSetupDlgA
GetSaveFileNameW
LoadAlterBitmap

comctl32

InitCommonControlsEx

gdi32

GetTextExtentPointA
GetBrushOrgEx
PlayMetaFileRecord
PolyTextOutW
SetBitmapDimensionEx
SetBrushOrgEx
GetTextCharacterExtra
ColorCorrectPalette
FrameRgn
GetTextExtentExPointW
GetTextFaceW

wininet

FtpPutFileA

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfc90488eb49c2a42d41097131821920

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

comctl32

gdi32

wininet

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 12KB - Virtual size: 34KB

.data Size: 313KB - Virtual size: 312KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 12KB - Virtual size: 34KB

.data
Size: 313KB - Virtual size: 312KB

.rsrc
Size: 6KB - Virtual size: 6KB