488b75b40ff6eba728f761dcd3c5fc7d

Sharing

Copy URL

Twitter E-mail

General

Target

488b75b40ff6eba728f761dcd3c5fc7d
Size

64KB
MD5

488b75b40ff6eba728f761dcd3c5fc7d
SHA1

a15302ad46b1af3b517138bc5488e9d82a24e309
SHA256

efea102e5a152f72caecf2c4172a1f49641929a2dfaff17bbf0c46074763909c
SHA512

1c14b2f32abfb9149682b756f68dcc866c60b6734db8137e8a948bcb36843c669dd0d1555969c6f641ef61e358bd20997cd76f2f3e13e93571a0ab65146ea1ff
SSDEEP

768:gnMRpH9wTLcg0ZowiB9kZtzkDzn7hSoCP+YVvhCj9Y:KM5wPcROytzUcoKXVvYj9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
488b75b40ff6eba728f761dcd3c5fc7d

Files

488b75b40ff6eba728f761dcd3c5fc7d
.exe windows:4 windows x86 arch:x86

4147f31dde540b6512f0be5e49024fb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bc32fn

GetLineArgs
ZVER_CONFIG
PHB
SkipRightBlk
FormatNumber
StrAdd
DefineOutputDev
Close
AllocLocalData
pvTerminateProgram
FreeLocalData
DBDatabase
DBClose
DBXAccess
BcxExit
ZPREXTEND
bPrintFileName
bGetActualArgsExv
ZEXVARG
PropertiesEx
ZTRADVER
ZMINVER
ZMINVERUX
pszCurrentModule
BcMain2
CallDllFunction2
bOptimizeSearch
iNewFrmSpec
pszSUBProto
psArgv
iArgc
CallAllPrograms
PROGC
ZNOMEXE

bc32ui

RRI
DefFuncKey3
DefineEdit10
DefineGroupBox3
DefineRadioOptions3
DefineRadioButton
DefineTVDouble
DefinePos4
GetDynamicStruct2
ZapDynamicStruct
DefineDynamicStruct5
SetFuncKeyHide
SetFuncKeyEnable
RCI
ABCPRB
WgsSetEnabledKeys
WgsSetDefinedKeys
WgsSetUncheckedKeys
WgsMessageBoxEx
TraceDebug2
EntrySub2
pszID
DefineWindow10
DefineFormat
DefineLabel3
DefineButtonIvt
RunWindow4
ZVIDCOMPVIS
WgsRestoreInputData
ExitSub
ABC
DBCreateVars2
DBDefineStructs
CANVID
EntryInitProgramData
cRowsRI
cColsRI
RI
KYM
ExitInitProgramData
EntryTerminateProgram
DBRemoveVars
RCCHAN
WgsInitData
ExitTerminateProgram
szProgramName
RCSRCH
SearchSTR
WgsExitAppThread
WgsInitID
GetStyle

kernel32

TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringW
LCMapStringA
ExitProcess

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4147f31dde540b6512f0be5e49024fb8

Headers

File Characteristics

Imports

bc32fn

bc32ui

kernel32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 704B

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 704B