Static task
static1
Behavioral task
behavioral1
Sample
42717fe6e1e65168cf892f401717e51f5472ec235000b1b0447d96bac730de3d.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
42717fe6e1e65168cf892f401717e51f5472ec235000b1b0447d96bac730de3d.exe
Resource
win10v2004-20240426-en
General
-
Target
42717fe6e1e65168cf892f401717e51f5472ec235000b1b0447d96bac730de3d
-
Size
104KB
-
MD5
28179f24e01d1fc0878410ed95453858
-
SHA1
e144b5813bd0b97536f7f9db9bd65670a5c8ed03
-
SHA256
42717fe6e1e65168cf892f401717e51f5472ec235000b1b0447d96bac730de3d
-
SHA512
43e04d49cb7bb1a835277094b87d48149b4d6e88d7c8b3b1759e1b0816ca6cfb411ffb8aa17cc91ff54e3e6a85a592d91b5a23bdcd5d751768d0138b6e9406d7
-
SSDEEP
1536:EaeLbIdrp9xnwXubHS/ja5hm/WQ9LsmgsngD6DHS/jJlU:/eLal92+bHWa58eELsmgFD6DHWJlU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
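Checks for missing Authenticode signature. The listed resource carries no Authenticode signature, so its publisher and integrity cannot be verified from the PE itself; this is a weak indicator on its own, since many legitimate binaries are also unsigned.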
resource 42717fe6e1e65168cf892f401717e51f5472ec235000b1b0447d96bac730de3d
Files
-
42717fe6e1e65168cf892f401717e51f5472ec235000b1b0447d96bac730de3d.exe windows:4 windows x86 arch:x86
ed1e962011fe2b8ab93d1447af9a8a2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
xpcom
NS_StringContainerInit
NS_StringContainerFinish
NS_CStringContainerInit
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_ShutdownXPCOM
NS_GetServiceManager
NS_NewNativeLocalFile
NS_UTF16ToCString
NS_StringContainerInit2
NS_CStringGetData
NS_StringGetData
NS_CStringToUTF16
NS_InitXPCOM2
NS_CStringSetData
xul
XRE_GetBinaryPath
XRE_GetFileFromPath
XRE_main
XRE_FreeAppData
XRE_CreateAppData
nspr4
PR_vsmprintf
PR_SetEnv
PR_Read
PR_Close
PR_Write
PR_GetEnv
PR_snprintf
PR_smprintf_free
plc4
PL_strcasecmp
kernel32
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
WideCharToMultiByte
ExpandEnvironmentStringsW
MultiByteToWideChar
IsDebuggerPresent
GetCurrentProcessId
user32
MessageBoxW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
mozcrt19
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
_unlock
_adjust_fdiv
__setusermatherr
__dllonexit
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsncmp
wcstol
wcspbrk
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_configthreadlocale
_wcsdup
__p__commode
malloc
??_U@YAPAXI@Z
wcslen
??_V@YAXPAX@Z
printf
_vswprintf
wcscpy
fprintf
__iob_func
strlen
_snprintf
??3@YAXPAX@Z
free
strcmp
memcpy
memset
_wfopen
fclose
??2@YAPAXI@Z
fread
ftell
fseek
_waccess
wcsncat
wcscmp
strcpy
_fullpath
getenv
wcschr
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ