4441ffcc98b8dd5d1b188a2b08bca7c0032da4ba54d2aa0d06d3bfc7a5dce060

Sharing

Copy URL Twitter E-mail

General

Target

4441ffcc98b8dd5d1b188a2b08bca7c0032da4ba54d2aa0d06d3bfc7a5dce060
Size

2.4MB
MD5

220307f3d21e89cb9fcbba8a36122291
SHA1

7f44aef0fccaf53c76bccb38706ad05b7aa23009
SHA256

4441ffcc98b8dd5d1b188a2b08bca7c0032da4ba54d2aa0d06d3bfc7a5dce060
SHA512

78b5c9750e20994a778813e1f4f92c4ef5474712bf37bc1534ae4028f61379ab16c31d179d45e72fc4e9c661516277db0ceb6097f7f4d063eb85270274673526
SSDEEP

49152:36BmqqALtZtnrtd/nYBg5ntcPLp4Nr2kSFKeuJttxPoeJNZ7bdsV/7ce/7c:36BmqqALJnrTvYBgCjAr2bVkttxgW/7v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4441ffcc98b8dd5d1b188a2b08bca7c0032da4ba54d2aa0d06d3bfc7a5dce060

Files

4441ffcc98b8dd5d1b188a2b08bca7c0032da4ba54d2aa0d06d3bfc7a5dce060
.exe windows:5 windows x86 arch:x86

863ab48aed8c5c5f9dadd7250781275d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdiplus

GdipFree

iocptcp

TcpSend

iocpudp

UdpInit

user32

GetDC

gdi32

SaveDC

comdlg32

GetFileTitleA

advapi32

FreeSid

shell32

DragFinish

ole32

CoInitialize

oleaut32

SysFreeString

disklessmultiserver

InitMultiSvr

ws2_32

htonl

iphlpapi

SendARP

version

VerQueryValueA

crypt32

CryptMsgClose

wintrust

WinVerifyTrust

rpcrt4

UuidCreate

imm32

ImmGetContext

comctl32

ord17

dbghelp

MiniDumpWriteDump

shlwapi

PathIsUNCA

wininet

InternetOpenA

psapi

GetProcessMemoryInfo

winhttp

WinHttpOpen

Sections

.MPRESS1
Size: 2.1MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

863ab48aed8c5c5f9dadd7250781275d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdiplus

iocptcp

iocpudp

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

disklessmultiserver

ws2_32

iphlpapi

version

crypt32

wintrust

rpcrt4

imm32

comctl32

dbghelp

shlwapi

wininet

psapi

winhttp

Sections

.MPRESS1 Size: 2.1MB - Virtual size: 15.4MB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 305KB - Virtual size: 305KB

.MPRESS1
Size: 2.1MB - Virtual size: 15.4MB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 305KB - Virtual size: 305KB