45cf0d99a7b96fbf079fd53871048e1eab8ae2633986cf7bbad0991c08155c86

Sharing

Copy URL Twitter E-mail

General

Target

45cf0d99a7b96fbf079fd53871048e1eab8ae2633986cf7bbad0991c08155c86
Size

476KB
MD5

25472d552f3439d610a0ea0feea59b18
SHA1

0de508512ff98d084aa5e83213b4954124a3e320
SHA256

45cf0d99a7b96fbf079fd53871048e1eab8ae2633986cf7bbad0991c08155c86
SHA512

1562123e20ceeb527b7c0565f9dd3a0ffb4cd068e4945dce0a3923ab29181e040e6bad8309e3481ad804424cfd27a4e4aa6e74d3c120d9c7d9967dd9554557b6
SSDEEP

6144:PPFYGIeGkQuPRfO3rHeyd7zHj0XBgeBjuXuUHjI0:6e+Us3rP7zHj+BgeBjutDD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45cf0d99a7b96fbf079fd53871048e1eab8ae2633986cf7bbad0991c08155c86

Files

45cf0d99a7b96fbf079fd53871048e1eab8ae2633986cf7bbad0991c08155c86
.exe windows:4 windows x86 arch:x86

4d74d24effa76dd9e7344feeaa11991e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
GetLocaleInfoW
SetEndOfFile
CreateFileA
GetOEMCP
GetACP
SetStdHandle
ReadFile
IsBadCodePtr
SetConsoleCtrlHandler
WideCharToMultiByte
MultiByteToWideChar
GetLastError
DeleteFileA
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
GetCPInfo
CompareStringA
CompareStringW
SetFilePointer
FlushFileBuffers
CloseHandle
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

advapi32

RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

wininet

InternetConnectA
FtpGetFileA
FtpDeleteFileA
InternetOpenA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA

Sections

.text
Size: 404KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d74d24effa76dd9e7344feeaa11991e

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

Sections

.text Size: 404KB - Virtual size: 401KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 16KB - Virtual size: 20KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 404KB - Virtual size: 401KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 16KB - Virtual size: 20KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 13KB