fil5CCF30BBF6978C3256476D3A3697F9B0

Sharing

Copy URL Twitter E-mail

General

Target

fil5CCF30BBF6978C3256476D3A3697F9B0
Size

1.6MB
MD5

e0cdcfc6e13f95b38c773918b46d339b
SHA1

6cba69ddd884bf88613d68be12903c78fb76b749
SHA256

d29b2f99a5b58d3213b8ce99a57ad36c138a359735dfff715666c19788cc462c
SHA512

3034d0d19b0234cb908c286af5594c8bf083c38afb84852e29b0e921fecad40de3a8143fa4e269335ded81d55fca735bdb8fe511d63157a392268efcb6797cbd
SSDEEP

24576:Fn8wB7hnNI1CWnYDm42pSY1oqzCvD3igoSYCN+2Dl4xpqKj/En7lJiL+gujG3GLB:Fpdh61Tim42pSY1oqwDOCN+2Z6RuiLJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fil5CCF30BBF6978C3256476D3A3697F9B0

Files

fil5CCF30BBF6978C3256476D3A3697F9B0
.exe windows:5 windows x64 arch:x64

639b2871fa6b41369bd39e9f8c6a487f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RemoveClipboardFormatListener
CharUpperBuffW

gdi32

GetStockObject

advapi32

RegDeleteValueA

ole32

CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

SHGetValueW

wininet

HttpQueryInfoA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata2
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

639b2871fa6b41369bd39e9f8c6a487f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

wininet

iphlpapi

Sections

.text Size: - Virtual size: 434KB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 24KB

.pdata Size: - Virtual size: 21KB

.ndata0 Size: - Virtual size: 1.9MB

.ndata1 Size: 3KB - Virtual size: 3KB

.ndata2 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 57KB - Virtual size: 56KB

.text
Size: - Virtual size: 434KB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 24KB

.pdata
Size: - Virtual size: 21KB

.ndata0
Size: - Virtual size: 1.9MB

.ndata1
Size: 3KB - Virtual size: 3KB

.ndata2
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 57KB - Virtual size: 56KB