9ffc8e47212c64551ea155804eae5694bac04dda461b955ced92dcdb7d2ba20a

Sharing

Copy URL Twitter E-mail

General

Target

9ffc8e47212c64551ea155804eae5694bac04dda461b955ced92dcdb7d2ba20a
Size

640KB
MD5

2f8694e62ea6358c478baed0780bf63e
SHA1

0007bdae2c8cf416f72f9051b50e51f246a6a4cf
SHA256

9ffc8e47212c64551ea155804eae5694bac04dda461b955ced92dcdb7d2ba20a
SHA512

e3a8ea4cbe0c38c8033795bd06ec1104cd280ae96b041c4e5f687347b8596cd622889d4cc9168303a59585e4507b4562b866ce7ec6668a063a1e8c7b187d1578
SSDEEP

12288:zi90a+s4GjUFqUYDg4ItPK0DMewxWx3tqcIpw2qxKN8ms9I2lGm8jPtX:zi7WDZNhEAKNs98m0Pd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ffc8e47212c64551ea155804eae5694bac04dda461b955ced92dcdb7d2ba20a

Files

9ffc8e47212c64551ea155804eae5694bac04dda461b955ced92dcdb7d2ba20a
.exe windows:4 windows x86 arch:x86

396f8e798e462501cccd5b12c24ce199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetStringTypeW
GetCurrencyFormatW
CloseHandle
GetModuleHandleW
DeleteCriticalSection
HeapAlloc
TlsAlloc
SetConsoleCtrlHandler
LCMapStringA
SetHandleCount
WriteConsoleA
DebugBreak
GetCommandLineA
WideCharToMultiByte
RaiseException
UnhandledExceptionFilter
GetStartupInfoA
GetStdHandle
CompareStringW
MultiByteToWideChar
GetCurrentThread
GetStringTypeA
GetDateFormatA
GetDiskFreeSpaceExW
HeapCreate
SetFilePointer
GetProcessHeap
GetProcAddress
EnumSystemLocalesA
GetOEMCP
SetUnhandledExceptionFilter
WriteConsoleOutputCharacterA
GetConsoleOutputCP
ReadConsoleW
HeapDestroy
VirtualQuery
IsValidLocale
SetStdHandle
LeaveCriticalSection
GetCPInfo
HeapValidate
SetEnvironmentVariableA
GetModuleFileNameW
HeapReAlloc
IsValidCodePage
ExitProcess
EnterCriticalSection
WriteFile
VirtualAlloc
Sleep
QueryPerformanceCounter
GetCurrentProcess
InterlockedIncrement
GetModuleHandleA
GetFileType
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
GetCurrentThreadId
LoadLibraryW
TlsGetValue
GetConsoleMode
GetLastError
GetCurrentProcessId
VirtualFree
IsBadReadPtr
GetConsoleCP
GetTimeFormatA
GetTickCount
GetUserDefaultLCID
FreeEnvironmentStringsW
GetEnvironmentStringsW
OutputDebugStringA
LCMapStringW
RtlUnwind
GetEnvironmentStrings
GetSystemTimeAsFileTime
lstrlenA
IsDebuggerPresent
FreeEnvironmentStringsA
FlushFileBuffers
GetLocaleInfoW
TlsSetValue
GetTimeZoneInformation
HeapSize
HeapFree
TerminateProcess
LoadLibraryA
CompareStringA
SetLastError
WriteConsoleW
GetACP
GetModuleFileNameA
OutputDebugStringW
GetLocaleInfoA
TlsFree
CreateFileA
InterlockedExchange

comdlg32

ReplaceTextA
FindTextA
GetSaveFileNameW
FindTextW
GetFileTitleW
ChooseColorW
LoadAlterBitmap
PrintDlgW
ChooseFontW
ChooseFontA
PrintDlgA
ReplaceTextW
PageSetupDlgA
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleA

user32

GrayStringA
SetWindowContextHelpId

wininet

InternetCheckConnectionW
InternetCheckConnectionA
CreateUrlCacheGroup
FtpGetFileSize
GopherFindFirstFileA
GetUrlCacheEntryInfoA
FreeUrlCacheSpaceA
HttpEndRequestW
InternetGetCookieA
SetUrlCacheConfigInfoA
HttpOpenRequestW

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

396f8e798e462501cccd5b12c24ce199

Headers

File Characteristics

Imports

kernel32

comdlg32

user32

wininet

Sections

.text Size: 274KB - Virtual size: 273KB

.data Size: 349KB - Virtual size: 349KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 274KB - Virtual size: 273KB

.data
Size: 349KB - Virtual size: 349KB

.rsrc
Size: 15KB - Virtual size: 15KB