d49ada82748f450e0465672cfaee9bdb

Sharing

Copy URL

Twitter E-mail

General

Target

d49ada82748f450e0465672cfaee9bdb
Size

114KB
MD5

d49ada82748f450e0465672cfaee9bdb
SHA1

6f2e6a486674fe457a3802e2464c126c6d938f96
SHA256

0e175ea695187a673346ad1596a499e74592b40ce7b43297d962018d73bd03e4
SHA512

545b8e12ab685545ea1e0a8cd697118d469634d03f4fcb667cef1817de63b2b059eee26743a77130c78c88eaa5e6b07e28bb3dcfa6c0b72f0497fe54c126fb73
SSDEEP

1536:qv1JBXFA/ebmGv/ct6UcFbHXjFuUHnPLLTgGSWdv1cIG6loUYOWFIq:Q1JBS/eHct6vFN5nzLTzdv13nl5yyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d49ada82748f450e0465672cfaee9bdb

Files

d49ada82748f450e0465672cfaee9bdb
.exe windows:4 windows x86 arch:x86

07a158b7bb2f1fdb7ecda460f47e31c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryDataAvailable
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile

shlwapi

StrToIntA
wnsprintfA
StrStrA
StrNCatA
StrStrIA

iphlpapi

GetAdaptersInfo

rasapi32

RasEnumEntriesA

kernel32

VirtualProtect
GetSystemInfo
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetVolumeInformationA
ExitProcess
GetModuleFileNameA
HeapFree
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
DeleteFileA
GetSystemDirectoryA
Sleep
GetTickCount
GetTempPathA
lstrcmpiA
lstrcatA
GetWindowsDirectoryA
lstrlenA
lstrcpyA
HeapAlloc
GetProcessHeap
lstrcpynA
CloseHandle
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetShortPathNameA
MoveFileExA
lstrcmpA
GetProcAddress
LoadLibraryA
LockResource
SizeofResource
LoadResource
FindResourceA
SetFileAttributesA
SetFileTime
GetFileTime
VirtualQuery
WideCharToMultiByte
GetVersionExA
FindClose
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapReAlloc
GetLastError
HeapDestroy
HeapCreate
GetComputerNameA
GlobalMemoryStatus
FindNextFileA
DeviceIoControl
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
VirtualFree
HeapSize
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
SetStdHandle

user32

FindWindowA
wsprintfA

advapi32

RegSetValueExA
RegQueryValueA
GetUserNameA
RegEnumValueA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07a158b7bb2f1fdb7ecda460f47e31c9

Headers

File Characteristics

Imports

wininet

shlwapi

iphlpapi

rasapi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 120KB - Virtual size: 116KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 120KB - Virtual size: 116KB