e0615b0cbf0a4929509e5a47d61d9a4d

Sharing

Copy URL Twitter E-mail

General

Target

e0615b0cbf0a4929509e5a47d61d9a4d
Size

153KB
MD5

e0615b0cbf0a4929509e5a47d61d9a4d
SHA1

e1573b45c7ac5191ab1a4b1a6a373bba826a7a3f
SHA256

e4a7b1a74e4d9997044386f2b8652c3524656e58be2139a4b6be2a506a33fc95
SHA512

bdd0f6b303e7dfc13962b2312755bea79b673fea27cbaffed0b7f14ffce1574ec9fb9fc6baa7aa30bf1914cca7d0860988fb50c4b5baafcdc01ae58baab8df7f
SSDEEP

3072:RiloG82SvBsa2B4iry0sWI5eUKhWUcQ1QTBflKudhL:RikEaiNWEuUQTBtKuf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0615b0cbf0a4929509e5a47d61d9a4d

Files

e0615b0cbf0a4929509e5a47d61d9a4d
.exe windows:4 windows x86 arch:x86

44359ce3335d7e5afaf9e97ebcccdf42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
_strnicmp
strncmp
_strdup
free
strlen
strcpy
strcat
memcpy
fread
_setjmp3
atoi
sprintf
strstr
strcmp
fclose
fabs
ceil
malloc
floor
localtime
mktime
_snprintf
abort
_CIpow
__p__iob
fprintf
longjmp
strtod

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
Sleep
OpenProcess
SetPriorityClass
CloseHandle
HeapAlloc
HeapFree
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
GetCommandLineA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
SetLastError
TlsAlloc
GlobalAlloc
GlobalFree
GetVersionExA
MulDiv
GetTempPathA
GetLocalTime
WriteFile
CreateFileA
SetFilePointer
HeapReAlloc
MultiByteToWideChar

comctl32

InitCommonControls
InitCommonControlsEx

user32

PeekMessageA
TranslateMessage
DispatchMessageA
SendMessageA
SetClassLongA
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
CharUpperA
DestroyWindow
GetSysColor
GetSysColorBrush
CreateWindowExA
SetWindowTextA
GetWindowRect
ScreenToClient
RedrawWindow
GetWindowLongA
GetIconInfo
SetWindowPos
InvalidateRect
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
CallWindowProcA
GetSystemMetrics
SetWindowLongA
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
GetActiveWindow
ShowWindow
CreateAcceleratorTableA
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
SetCursorPos
LoadImageA
SetCursor
MapWindowPoints
MoveWindow
SystemParametersInfoA
GetKeyState
PostMessageA
GetCursorPos
SetFocus
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
IsChild
GetClassNameA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource

gdi32

CreateBrushIndirect
GetStockObject
SetBkColor
SetTextColor
GetObjectType
GetObjectA
DeleteObject
CreateSolidBrush
CreateCompatibleDC
SetDIBits
DeleteDC
CreateDIBSection
GetDIBits
SelectObject
BitBlt
CreateBitmap
SetPixel
CreateDCA
GetDeviceCaps
CreateFontA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegConnectRegistryA
RegQueryValueExA

oleaut32

SysAllocString

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize
RevokeDragDrop

wininet

HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
send
sendto
recvfrom
recv
WSAGetLastError

Sections

.code
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44359ce3335d7e5afaf9e97ebcccdf42

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

oleaut32

shell32

ole32

wininet

wsock32

Sections

.code Size: 7KB - Virtual size: 7KB

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 15KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 2KB

.code
Size: 7KB - Virtual size: 7KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 2KB