d4c1b8094367be99074b9c5a80dcb457

Sharing

Copy URL Twitter E-mail

General

Target

d4c1b8094367be99074b9c5a80dcb457
Size

357KB
MD5

d4c1b8094367be99074b9c5a80dcb457
SHA1

9919263cff5b333499f580c1c484eb562524b8f3
SHA256

7bf76d2e9ee606b9a7f8c27be4208ad65dcb86420bb2b8234f11d0ed262f9f57
SHA512

20a703eb7da830e7319ca8b2771eb6fc4dc275d7ad7b83c6e751e4b378029a67fce0aaf8a2f701c7666f4d18aaa9c5ddf54cd8615e34264c38b36b6bd4e6ba70
SSDEEP

6144:73fDCdWiVd1g6nlYfz+cryQ+tvpcS4RWzfYM9qfz3tdBYvZ:jfDCdWiVd1g6nlYficryQ0qS4yfD9CJ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4c1b8094367be99074b9c5a80dcb457

Files

d4c1b8094367be99074b9c5a80dcb457
.exe windows:5 windows x86 arch:x86

78e8c93730f4347c6315bc3bfe013eea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegQueryValueExA

ws2_32

WSACleanup
WSAStartup

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

netapi32

NetUserGetInfo
NetApiBufferFree

kernel32

CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
HeapReAlloc
VirtualAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCompressedFileSizeA
GetCommandLineA
CloseHandle
UnlockFile
WriteFile
LockFile
SetFilePointer
ReadFile
CreateFileA
CreateMutexA
ExitProcess
OpenMutexA
Sleep
CreateProcessA
CopyFileA
GetModuleFileNameA
GetEnvironmentVariableA
GetShortPathNameA
GetCurrentProcess
MultiByteToWideChar
SetEnvironmentVariableA
CreateThread
SetFileAttributesA
GetLastError
CreateDirectoryA
GetLocalTime
GetVolumeInformationA
GetDriveTypeA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
WideCharToMultiByte
RtlUnwind
GetModuleHandleW
GetProcAddress
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetFullPathNameA
HeapFree
GetCurrentDirectoryA
GetStdHandle
FlushFileBuffers
SetHandleCount
HeapAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

78e8c93730f4347c6315bc3bfe013eea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

wininet

netapi32

kernel32

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 5KB - Virtual size: 36KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 5KB - Virtual size: 36KB