fa98ffa604364a4ecd82d230146afd3bad42d60e53ff9e6bd52cfa8dc88f648a

Sharing

Copy URL

Twitter E-mail

General

Target

fa98ffa604364a4ecd82d230146afd3bad42d60e53ff9e6bd52cfa8dc88f648a
Size

10.0MB
MD5

0f76bcc0a7de6edf80f35d4dc05e28d4
SHA1

b2e1f3e1b640089208c509329e34831404efd55e
SHA256

fa98ffa604364a4ecd82d230146afd3bad42d60e53ff9e6bd52cfa8dc88f648a
SHA512

eeb3485ba73db10b0bb45f125f4cee745456f2f7cd8e6419c5561ac0f79f1f359783063f341afd3a9c8a1d87b9b01dc7d749c93ea126893ba71e871ee0b4fcd9
SSDEEP

196608:QpOfjom+j8qq1USf/7+qqWRD31fqzO7P95lv77q/ANPYRuY+Ge:TV+YqqPT+aD3FqslvCI9Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fa98ffa604364a4ecd82d230146afd3bad42d60e53ff9e6bd52cfa8dc88f648a

Files

fa98ffa604364a4ecd82d230146afd3bad42d60e53ff9e6bd52cfa8dc88f648a
.exe windows:5 windows x86 arch:x86

0404601b4ddc475c18ff15013565159c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DispatchMessageA
WinHelpA
CharUpperBuffW

advapi32

CryptImportKey
RegQueryValueA

ws2_32

gethostbyname
ntohl

shlwapi

StrToIntW

ole32

CLSIDFromString

wininet

InternetReadFile
InternetCloseHandle

crypt32

CertFreeCertificateChain

winhttp

WinHttpSetOption

secur32

EncryptMessage

oleaut32

LoadTypeLi
UnRegisterTypeLi

winmm

waveOutRestart

rasapi32

RasHangUpA

gdi32

LineTo

winspool.drv

OpenPrinterA

shell32

SHGetSpecialFolderPathA

comctl32

ImageList_GetIcon

comdlg32

GetFileTitleA

Sections

T-VMP
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T-VMP
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

T-VMP
Size: - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T-VMP
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

T-VMP
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T-VMP
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T-VMP
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

T-VMP
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T-VMP
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

T-VMP
Size: 548KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

T-VMP
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0404601b4ddc475c18ff15013565159c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

shlwapi

ole32

wininet

crypt32

winhttp

secur32

oleaut32

winmm

rasapi32

gdi32

winspool.drv

shell32

comctl32

comdlg32

Sections

T-VMP Size: - Virtual size: 1.3MB

T-VMP Size: - Virtual size: 6.2MB

T-VMP Size: - Virtual size: 631KB

T-VMP Size: - Virtual size: 2.5MB

T-VMP Size: 4KB - Virtual size: 3KB

T-VMP Size: 7.8MB - Virtual size: 7.8MB

T-VMP Size: 8KB - Virtual size: 7KB

T-VMP Size: 1.7MB - Virtual size: 1.7MB

T-VMP Size: 4KB - Virtual size: 4KB

T-VMP Size: 548KB - Virtual size: 546KB

T-VMP Size: 8KB - Virtual size: 7KB

T-VMP
Size: - Virtual size: 1.3MB

T-VMP
Size: - Virtual size: 6.2MB

T-VMP
Size: - Virtual size: 631KB

T-VMP
Size: - Virtual size: 2.5MB

T-VMP
Size: 4KB - Virtual size: 3KB

T-VMP
Size: 7.8MB - Virtual size: 7.8MB

T-VMP
Size: 8KB - Virtual size: 7KB

T-VMP
Size: 1.7MB - Virtual size: 1.7MB

T-VMP
Size: 4KB - Virtual size: 4KB

T-VMP
Size: 548KB - Virtual size: 546KB

T-VMP
Size: 8KB - Virtual size: 7KB