46d3bcca4dc26efc92997a92c0823cddb32828e6b84a01a37ee6f626168a2562

Sharing

Copy URL Twitter E-mail

General

Target

46d3bcca4dc26efc92997a92c0823cddb32828e6b84a01a37ee6f626168a2562
Size

1.1MB
MD5

291eb47ea4e876dea1e93e1d1a2348c3
SHA1

d87c893410c4fbd6b98354f69c240ab5c59652db
SHA256

46d3bcca4dc26efc92997a92c0823cddb32828e6b84a01a37ee6f626168a2562
SHA512

1afab21161a33f8ce418c3086644488ea243d996e2011b5150276d5661b3d459f5830d649b639f9229e1ad912d5e1720e34ba6af5430c3896c5c5bf69c75db99
SSDEEP

24576:7IbcAILWTFBuf5ZKjCzWM/gVWlZiAtOFSIJYeHJ9ks62LsWNanzg:2cAILkFBuBZKjCzW+2FbYepusVDak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46d3bcca4dc26efc92997a92c0823cddb32828e6b84a01a37ee6f626168a2562

Files

46d3bcca4dc26efc92997a92c0823cddb32828e6b84a01a37ee6f626168a2562
.exe windows:4 windows x86 arch:x86

b0ebd41d6e4f280721466c615128b757

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
GetProcessTimes
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateFileA
ReadFile
WriteFile
DeviceIoControl
SetLastError
GetCurrentDirectoryW
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
GetExitCodeProcess
CreatePipe
SetEnvironmentVariableA
SetEnvironmentVariableW
GetFullPathNameW
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
CreateEventA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEndOfFile
GetStdHandle
SetHandleCount
FindFirstFileW
HeapSize
IsBadWritePtr
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
HeapDestroy
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentProcessId
GetFullPathNameA
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
DuplicateHandle
ExitThread
TlsSetValue
CreateThread
ResumeThread
DeleteFileW
DeleteFileA
GetFileAttributesW
ResetEvent
GetTickCount
CreateMutexA
WaitForSingleObject
FreeLibrary
ReleaseMutex
CloseHandle
SetHandleInformation
SetErrorMode
LoadLibraryA
GetEnvironmentVariableW
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetProcAddress
ExitProcess
GetEnvironmentVariableA
GetShortPathNameA
FormatMessageA
GetModuleHandleA
LocalFree
Sleep
VirtualFree
VirtualAlloc
GetCurrentProcess
GetDriveTypeA
GetVolumeInformationA
SetStdHandle
SetEvent
MoveFileW
MoveFileA
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
CreateProcessA
GetVersion
GetWindowsDirectoryA
GetEnvironmentStrings
CreateFileW
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetStartupInfoA
RaiseException
GetFileType
SetFilePointer
GetFileAttributesA
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapFree
HeapAlloc
RtlUnwind

user32

SetMenuItemInfoA
MessageBoxA
SendDlgItemMessageA
ShowCursor
SetCursor
LoadCursorA
GetCursor
GetWindowTextLengthA
GetDlgItem
SetFocus
CheckRadioButton
GetWindowTextA
MessageBeep
EnableWindow
CreateDialogParamA
EndDialog
GetWindowLongA
RedrawWindow
SendMessageA
ShowWindow
PostMessageA
DestroyWindow
InvalidateRect
wsprintfA
SetWindowTextA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetClientRect
GetFocus
GetParent
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
GetSystemMetrics
GetActiveWindow
LoadBitmapA
SetWindowLongA
CallWindowProcA
GetWindowRect
ScreenToClient
MoveWindow
GetDC
ReleaseDC
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
IsWindowEnabled
SetForegroundWindow

netapi32

Netbios

advapi32

GetUserNameA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegEnumValueA
ControlService
StartServiceA
RegDeleteKeyA
RegDeleteValueA
DeleteService
QueryServiceConfigA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
ChangeServiceConfigA
RegEnumKeyExA
RegSetValueExA

gdi32

DeleteObject
SelectObject
GetTextMetricsA
GetStockObject
CreateFontIndirectA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

ShellExecuteA

comctl32

ImageList_Add
ImageList_Create
ImageList_GetImageCount
ord17

wsock32

WSACleanup
ntohs
htons
closesocket
send
gethostname
ntohl
htonl
gethostbyname
gethostbyaddr
inet_addr
ioctlsocket
setsockopt
WSAGetLastError
WSAStartup
__WSAFDIsSet
select
connect
socket
getprotobyname
recv
inet_ntoa

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 68KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0ebd41d6e4f280721466c615128b757

Headers

File Characteristics

Imports

kernel32

user32

netapi32

advapi32

gdi32

comdlg32

shell32

comctl32

wsock32

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 68KB - Virtual size: 129KB

_TEXT_HA Size: 68KB - Virtual size: 66KB

.rsrc Size: 180KB - Virtual size: 180KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 68KB - Virtual size: 129KB

_TEXT_HA
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 180KB - Virtual size: 180KB