e1469bf37e4e4ed1b6bd384a2e06679e

Sharing

Copy URL Twitter E-mail

General

Target

e1469bf37e4e4ed1b6bd384a2e06679e
Size

412KB
MD5

e1469bf37e4e4ed1b6bd384a2e06679e
SHA1

418a306b8d0f0ee55a0fdc256ef2123ac992db95
SHA256

daab9297a25b6d4103b25031820b53554deddb2ad41b2a581770f39ddac871c4
SHA512

d5205472032c41ee9c54e0b6d13c6fa796448fe7bfce77badb33e301c81bd9f5962e9f2d8c7efc9bb16ca4f0cef1e62a14965327f3066eecceb91e35c0ed5d16
SSDEEP

6144:gsXqb8KJ6NzwfmWd4ZPMRImc6nO3HxiHsg054Rd25r6YokuVi5CoDeq:gsS8vJHWEenO3Hxi0sdsr6DM5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1469bf37e4e4ed1b6bd384a2e06679e

Files

e1469bf37e4e4ed1b6bd384a2e06679e
.exe windows:4 windows x86 arch:x86

a76ce81d81bedbea2d9b75e1003a566e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontA

kernel32

GetEnvironmentVariableW
GetTickCount
LCMapStringW
GetCurrentProcess
GetCurrentThread
SetEnvironmentVariableA
GetModuleFileNameA
VirtualFree
GetCPInfo
TerminateProcess
ReadConsoleOutputA
SetFileAttributesA
WideCharToMultiByte
TlsSetValue
GetProcAddress
FindResourceW
GetMailslotInfo
GetDateFormatA
CompareStringA
VirtualUnlock
GetLastError
DeleteFiber
SetLastError
GetLocaleInfoW
ExitProcess
FreeEnvironmentStringsA
GetFileType
LockResource
IsValidCodePage
TlsFree
RtlUnwind
GetEnvironmentStringsW
DeleteCriticalSection
GetCurrentThreadId
OpenFileMappingA
GetEnvironmentStrings
GetConsoleMode
MultiByteToWideChar
SetHandleCount
CreateDirectoryA
GetProcessShutdownParameters
GetSystemTimeAsFileTime
GetVersionExA
SetThreadLocale
GetStartupInfoA
CreateMutexW
GetCommandLineA
CompareStringW
ReadConsoleOutputAttribute
lstrcmp
GetSystemTime
HeapAlloc
GetCurrentProcessId
EnterCriticalSection
LCMapStringA
SetSystemTime
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
HeapCreate
InterlockedExchange
EnumSystemLocalesA
FlushConsoleInputBuffer
GetStringTypeW
GetSystemInfo
IsBadWritePtr
GetStdHandle
FreeEnvironmentStringsW
TlsGetValue
TlsAlloc
LeaveCriticalSection
HeapReAlloc
HeapDestroy
UnhandledExceptionFilter
WriteFile
FreeLibrary
AddAtomW
QueryPerformanceCounter
HeapSize
GetOEMCP
VirtualQuery
FreeResource
GetTimeZoneInformation
GetTimeFormatA
HeapFree
LoadLibraryA
VirtualProtect
VirtualAlloc
GetModuleHandleA
InitializeCriticalSection
GetACP
IsValidLocale

wininet

InternetWriteFileExA
RetrieveUrlCacheEntryStreamA
HttpEndRequestA
RunOnceUrlCache
FtpRenameFileA
InternetHangUp
FtpPutFileW

advapi32

LookupPrivilegeValueA
RegReplaceKeyW
RegFlushKey
RegEnumKeyExW
CryptGetHashParam
CryptSetProviderExW
RegSetValueA
LookupSecurityDescriptorPartsW
LookupPrivilegeNameA
StartServiceW
CryptDestroyHash
CryptVerifySignatureW
CryptEncrypt
GetUserNameA
RegQueryInfoKeyA
RegLoadKeyA
CryptGetUserKey

gdi32

GdiPlayDCScript
GetCharacterPlacementA

shell32

DoEnvironmentSubstW
SHGetSpecialFolderPathA
DragQueryFile

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a76ce81d81bedbea2d9b75e1003a566e

Headers

File Characteristics

Imports

comdlg32

kernel32

wininet

advapi32

gdi32

shell32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 8KB - Virtual size: 29KB

.data Size: 278KB - Virtual size: 277KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 8KB - Virtual size: 29KB

.data
Size: 278KB - Virtual size: 277KB

.rsrc
Size: 7KB - Virtual size: 6KB