601c7606af162e79d9e0d33aac6f32c1aac657e2d660971ed050a049395203ba

Sharing

Copy URL

Twitter E-mail

General

Target

601c7606af162e79d9e0d33aac6f32c1aac657e2d660971ed050a049395203ba
Size

18.0MB
MD5

f66eac83ba881bc1086a544e1fa2be81
SHA1

1efb9f2f63f789c49d6cfa3ae91f7f71149f3e59
SHA256

601c7606af162e79d9e0d33aac6f32c1aac657e2d660971ed050a049395203ba
SHA512

be8bd1daaabdc3311d9b1eabbb8fca1dd0609989b33536891d0bdd91671b6a67aabfcb95424ac1281c3c4a20be72bfb1a5b2fe6460f2a0db24a42428894f392c
SSDEEP

393216:R8PE2rzxGjXFtf086tI9NhCop58xeyxK7HvO6pwhRyVg1T2U+:R8NGjHf08GIHhCC58AA6pwhjt+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setupprogram_01234.exe

Files

601c7606af162e79d9e0d33aac6f32c1aac657e2d660971ed050a049395203ba
.zip
Setupprogram_01234.exe
.exe windows:4 windows x86 arch:x86

83acb1886ce1e9350ddd14f8291cbbfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
LoadLibraryA
Sleep
HeapReAlloc
CompareStringW
GetModuleFileNameA
HeapFree
WideCharToMultiByte
QueryPerformanceCounter
GetLocalTime
DeleteCriticalSection
SetEndOfFile
CreateThread
FlushFileBuffers
TerminateProcess
GetVersionExA
RtlUnwind
HeapDestroy
GetModuleHandleW
GetFileAttributesA
EnterCriticalSection
TlsSetValue
GetCurrentThreadId
GetProcessHeap
VirtualFree
SleepEx
InterlockedDecrement
MoveFileExA
HeapAlloc
CompareStringA
GetCommandLineA
WaitForMultipleObjects
GetEnvironmentStrings
SetFilePointer
CreateFileA
ReadFile
PeekNamedPipe
GetFullPathNameA
HeapCreate
GetCurrentProcessId
GetCurrentThread
GetVersion
GetStringTypeW
WriteFile
FileTimeToLocalFileTime
GetEnvironmentStringsW
CloseHandle
SetEnvironmentVariableA
MultiByteToWideChar
SetHandleCount
VirtualAlloc
GetDriveTypeA
LCMapStringW
FindFirstFileA
FileTimeToSystemTime
GetTickCount
GetCPInfo
FreeEnvironmentStringsA
ExitThread
GetSystemTime
FreeEnvironmentStringsW
GetTimeZoneInformation
TlsGetValue
GetFileType
InterlockedIncrement
ExitProcess
GetCurrentDirectoryA
SetLastError
GetProcAddress
InitializeCriticalSection
DeleteFileA
GetStartupInfoA
QueryPerformanceFrequency
LCMapStringA
GetFileInformationByHandle
GetFileSize
GetStartupInfoW
TlsAlloc
GetOEMCP
GetModuleHandleA
GetEnvironmentVariableA
GetStringTypeA
GetCommandLineW
GetACP
FindClose
GetSystemDirectoryA
FreeLibrary
LeaveCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
WaitForSingleObject
GetLastError
MoveFileW
SetStdHandle
FormatMessageA
GetStdHandle
GetModuleFileNameW

user32

PostQuitMessage
SetWindowPos
GetMessageW
GetClientRect
ShowWindow
PostMessageW
DefWindowProcW
CreateWindowExW
GetSystemMetrics
LoadIconW
FillRect
SendMessageA
TranslateMessage
DispatchMessageW
EndPaint
GetWindowRect
RedrawWindow
MessageBoxA
UpdateWindow
BeginPaint
DrawTextW
RegisterClassExW

gdi32

SetBkMode
SetTextColor
DeleteObject
CreateSolidBrush

advapi32

CryptEncrypt
CryptGetHashParam
CryptAcquireContextA
CryptImportKey
CryptDestroyHash
CryptHashData
CloseServiceHandle
CryptDestroyKey
CryptCreateHash
CryptGenRandom
CryptReleaseContext

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateContext
CryptDecodeObjectEx
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptStringToBinaryA
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCertificateChainEngine
CertCloseStore
PFXImportCertStore
CertOpenStore

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord45
ord60
ord22
ord211
ord26
ord143
ord50
ord217

ws2_32

closesocket
send
WSAGetLastError
WSACleanup
WSAStartup
recv
ntohs
getsockname
getpeername
WSASetLastError
getsockopt
setsockopt
connect
WSAIoctl
bind
htons
socket
inet_ntoa
htonl
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
accept
sendto
recvfrom
select
__WSAFDIsSet
ioctlsocket
gethostname
ntohl
listen

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83acb1886ce1e9350ddd14f8291cbbfd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

crypt32

wldap32

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 204KB - Virtual size: 200KB

.data Size: 56KB - Virtual size: 75KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 52KB - Virtual size: 49KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 204KB - Virtual size: 200KB

.data
Size: 56KB - Virtual size: 75KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 52KB - Virtual size: 49KB