4189b48c424dfcbc9d032e5e5d058d434b81bc0d584be762282ac029c41d193c

Sharing

Copy URL Twitter E-mail

General

Target

4189b48c424dfcbc9d032e5e5d058d434b81bc0d584be762282ac029c41d193c
Size

612KB
MD5

e3f8af63c51e33ca5d4e1482891c38a3
SHA1

13d2f53dacbe98789e7e1ac75aa447894903b20e
SHA256

4189b48c424dfcbc9d032e5e5d058d434b81bc0d584be762282ac029c41d193c
SHA512

a246f3dc53fbb64cb8c0924a99126335e0c5b7c2c78cadcacf5f307e607ac43fd9fdaeecc7ef1c77515bb0902bcdd0a684203c790ec5359972495d43ad13e425
SSDEEP

12288:TQ1f74lPG9D1GWfjFHsQ+Cbu6xrsL0JLX8iXi2BjvrEH7D:TQms55HP+Cu66L0pigrEH7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4189b48c424dfcbc9d032e5e5d058d434b81bc0d584be762282ac029c41d193c

Files

4189b48c424dfcbc9d032e5e5d058d434b81bc0d584be762282ac029c41d193c
.exe windows:6 windows x86 arch:x86

daffa0f1d4c42f726f1bfc16dd9b64d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCpyNW

wininet

InternetCheckConnectionW

kernel32

FormatMessageA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
LeaveCriticalSection
EnterCriticalSection
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
CloseHandle
WaitForSingleObject
SleepEx
SetEvent
CreateEventW
QueueUserAPC
TerminateThread
WaitForMultipleObjects
DeleteCriticalSection
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
CopyFileW
lstrlenW
GetTempFileNameW
MultiByteToWideChar
GetTickCount
CreateMutexW
CreateMutexA
ExitProcess
DeleteFileW
RemoveDirectoryW
AllocConsole
SetConsoleTextAttribute
GetStdHandle
WriteConsoleW
ReadConsoleInputW
FreeConsole
GetLocalTime
GetWindowsDirectoryW
OpenEventW
InitializeCriticalSection
GetModuleHandleA
VirtualProtect
lstrcmp
GetModuleFileNameW
CreateProcessW
GetModuleHandleW
SetEnvironmentVariableW
LocalFree
WideCharToMultiByte
MoveFileExW
GetTickCount64
GetLastError
GetProcessHeap
SetStdHandle
HeapSize
GetCurrentProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
ReadFile
FlushFileBuffers
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
WriteFile
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitThread
RaiseException
RtlUnwind
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
DeviceIoControl
GetProcAddress
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetEnvironmentVariableW
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateThread
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW

advapi32

RegDeleteValueW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ConvertSidToStringSidA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathAndSubDirW

ole32

CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity

ws2_32

setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSACleanup
WSASend
select
connect
WSASocketW
shutdown
htonl
ntohl
htons
getaddrinfo
getsockopt
WSACloseEvent
WSAStartup
WSARecv
WSACreateEvent
freeaddrinfo
WSAEventSelect

Sections

.text
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

init
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daffa0f1d4c42f726f1bfc16dd9b64d4

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

kernel32

advapi32

shell32

ole32

ws2_32

Sections

.text Size: 419KB - Virtual size: 419KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 11KB - Virtual size: 17KB

init Size: 512B - Virtual size: 48B

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 419KB - Virtual size: 419KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 11KB - Virtual size: 17KB

init
Size: 512B - Virtual size: 48B

.rsrc
Size: 5KB - Virtual size: 5KB