d4bc29b29bdd4a6d9ad80599ecd5c30f

Sharing

Copy URL

Twitter E-mail

General

Target

d4bc29b29bdd4a6d9ad80599ecd5c30f
Size

396KB
MD5

d4bc29b29bdd4a6d9ad80599ecd5c30f
SHA1

08763435bf48adc787ffb16b37af21f11acf093f
SHA256

a22ab04e9f11e27a5937f89535e7114fed9a89cb158020ee0603bbd52b1e2ddb
SHA512

5a9686b5b0897985eeae2904086d88ecbe7bdc917ccad6795562d24e5bea600641986c68e8b8760ea40d381ca0d1d5d94e9de03b3a476b1732338a861e290201
SSDEEP

6144:zqIBDFuiH1G9xgKkehrtQgGIR+PUG4u2ifq6P+uGRsIzZ87GaoO:2ItH1GfgJKNGIRHeidsmUGao

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4bc29b29bdd4a6d9ad80599ecd5c30f

Files

d4bc29b29bdd4a6d9ad80599ecd5c30f
.exe windows:4 windows x86 arch:x86

e72c65284261a5350588efdbe94291f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\yamu

Imports

gdi32

WidenPath
ModifyWorldTransform
GetPixelFormat
GetTextExtentPoint32A
GetLogColorSpaceW
SetColorAdjustment
DescribePixelFormat
FrameRgn
CopyMetaFileA
GetCurrentObject
CreateScalableFontResourceW
SetEnhMetaFileBits
DeleteColorSpace
GetFontLanguageInfo
SetTextCharacterExtra
SetViewportExtEx
EndPage
GdiGetBatchLimit
SetFontEnumeration
CombineTransform
SetBitmapBits
CreateEllipticRgnIndirect
EnumFontFamiliesA
GetFontData

user32

DefWindowProcA
ChildWindowFromPoint
GetWindow
CreateWindowExA
RegisterClassW
ReplyMessage
SetFocus
GetWindowContextHelpId
DrawIconEx
CharLowerBuffA
RegisterClassA
GetWindowLongA
DestroyWindow
FlashWindowEx
TranslateAcceleratorA
RegisterWindowMessageW
EnumDesktopsW
SetWindowRgn
DdeQueryConvInfo
RegisterClassExA
SetRect
SetCaretPos
DrawCaption
MessageBoxA
CharUpperBuffW
GetQueueStatus
IsCharUpperA
AdjustWindowRect
MessageBeep
GetMenuItemInfoA
ShowWindow
RegisterDeviceNotificationW

comctl32

ImageList_LoadImageA
ImageList_SetBkColor
ImageList_AddIcon
ImageList_SetFilter
ImageList_DragEnter
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_BeginDrag
ImageList_ReplaceIcon
CreatePropertySheetPageA
ImageList_DragShowNolock
CreateStatusWindowW
ImageList_AddMasked
ImageList_Replace
CreateStatusWindow
ImageList_GetIcon
ImageList_SetFlags
CreatePropertySheetPage
CreateToolbarEx

kernel32

SetFilePointer
GetSystemTimeAsFileTime
OpenMutexA
GlobalReAlloc
WideCharToMultiByte
GetCurrentThreadId
GetLocaleInfoA
Sleep
ReadConsoleOutputA
GetCPInfo
QueryPerformanceCounter
UnhandledExceptionFilter
GetNamedPipeInfo
SetHandleCount
DosDateTimeToFileTime
WriteFile
GlobalAlloc
HeapCreate
LocalReAlloc
GetCurrentProcess
GetSystemDirectoryA
IsValidLocale
GetStdHandle
GetTimeZoneInformation
HeapDestroy
GetSystemDefaultLangID
ReadFile
SetStdHandle
VirtualAlloc
IsBadWritePtr
CreateWaitableTimerW
CompareStringA
SetEnvironmentVariableA
ConnectNamedPipe
GetLocaleInfoW
GetCurrentThread
GlobalFindAtomW
lstrcpyW
GetEnvironmentStrings
GetEnvironmentVariableW
IsValidCodePage
WriteConsoleW
GetUserDefaultLCID
FindResourceExW
CompareStringW
GetCommandLineA
GetProcAddress
CompareFileTime
EnumResourceTypesW
WritePrivateProfileStringA
lstrcmpi
GetFileType
CreateNamedPipeW
GetCurrentProcessId
CreateMutexA
GetThreadPriorityBoost
GetTimeFormatA
ResumeThread
MultiByteToWideChar
GetOEMCP
GetDateFormatA
LocalSize
GetStringTypeA
EnumSystemLocalesW
SetLastError
FreeEnvironmentStringsW
FreeResource
lstrcpyn
VirtualProtect
InitializeCriticalSection
VirtualFree
LocalShrink
GetStringTypeW
WriteConsoleA
GetVersion
FlushFileBuffers
GetSystemInfo
VirtualUnlock
GlobalUnlock
DeleteCriticalSection
SuspendThread
HeapFree
InterlockedExchange
GetEnvironmentStringsW
TlsGetValue
GetLastError
ExitProcess
GetWindowsDirectoryA
LoadResource
LCMapStringW
OutputDebugStringA
HeapReAlloc
GetModuleHandleA
CommConfigDialogA
GlobalFlags
LoadLibraryA
TlsAlloc
SetFileAttributesW
EnumSystemLocalesA
FlushViewOfFile
LeaveCriticalSection
SetFileTime
WritePrivateProfileStructA
RtlUnwind
EnumDateFormatsW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
CloseHandle
LCMapStringA
TlsFree
TlsSetValue
VirtualQuery
CreateDirectoryW
GetVersionExA
GetProfileSectionW
EnterCriticalSection
GetEnvironmentVariableA
HeapAlloc
GetACP
CreateMailslotA
HeapSize
FreeEnvironmentStringsA
EnumCalendarInfoExW
TerminateProcess
GetConsoleScreenBufferInfo
GetTickCount
GetModuleFileNameA
GetStartupInfoA

shell32

SHBrowseForFolderW
FreeIconList
SheChangeDirA
SHUpdateRecycleBinIcon
DragQueryFileA

advapi32

RegSaveKeyW
CryptHashSessionKey
StartServiceW
ReportEventA
CryptDestroyHash
CryptSetKeyParam
CryptGetHashParam
CryptDuplicateKey
InitiateSystemShutdownW
RegQueryValueW
RegOpenKeyExA
RegQueryValueExW
CryptCreateHash
CryptSignHashW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyA
CryptAcquireContextA
CryptDuplicateHash
CryptEnumProvidersW
CryptEncrypt
CryptContextAddRef
CryptGenRandom
CryptVerifySignatureA

wininet

InternetGetCookieA
UnlockUrlCacheEntryFileA
HttpCheckDavCompliance
InternetDial
RegisterUrlCacheNotification
InternetCombineUrlA
FtpOpenFileW
FindNextUrlCacheEntryA
DeleteIE3Cache

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e72c65284261a5350588efdbe94291f8

Headers

File Characteristics

PDB Paths

Imports

gdi32

user32

comctl32

kernel32

shell32

advapi32

wininet

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 100KB - Virtual size: 127KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 100KB - Virtual size: 127KB

.rsrc
Size: 16KB - Virtual size: 15KB