48d4819f2e58e745f42155945dfb47041214ddadccbcbc2d3ef8592907670664

Sharing

Copy URL Twitter E-mail

General

Target

48d4819f2e58e745f42155945dfb47041214ddadccbcbc2d3ef8592907670664
Size

478KB
MD5

30720ad057f2b86de997c43ab964183b
SHA1

fde3da756937dc7792a9efb2f0c0c0281e026544
SHA256

48d4819f2e58e745f42155945dfb47041214ddadccbcbc2d3ef8592907670664
SHA512

a4943de585736864b986ea5ecdacbf7c9fbb317c51951a1673c6c9958ae228d571b3242bcf75f6c6156748e2c4505cc5e81930f91281ab3e65ea7ebce524a261
SSDEEP

12288:ywYvZ6VyEvAGdsBfa3dPUjK8amNRfET9TriWzGuf:ywYRKAeuS3GrN6T9riWCuf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48d4819f2e58e745f42155945dfb47041214ddadccbcbc2d3ef8592907670664

Files

48d4819f2e58e745f42155945dfb47041214ddadccbcbc2d3ef8592907670664
.exe windows:5 windows x86 arch:x86

916d52e7fce48bb5e9a598e1bc705bbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Project\Final TWD\C++\Release\Pytron.pdb

Imports

kernel32

GetLastError
GlobalFree
GetSystemTimeAsFileTime
DuplicateHandle
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
GetStringTypeW
GetCommandLineW
CreateTimerQueueTimer
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
RaiseException
RtlUnwind
CreateThread
ExitThread
GetProcAddress
LoadLibraryExW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
CreateTimerQueue
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
GetStdHandle
CloseHandle
GetProcessHeap
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
SetEvent
ReleaseSemaphore
CreateEventW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SwitchToThread
GetTickCount
UnregisterWaitEx
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
IsValidCodePage
GetACP
GetOEMCP
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
SetThreadPriority
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryW
UnregisterWait
SetStdHandle
WriteConsoleW
CreateFileW
GetThreadPriority
SignalObjectAndWait
MultiByteToWideChar
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WriteFile
WideCharToMultiByte

user32

GetSystemMetrics

advapi32

CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegOpenKeyExW
RegQueryValueExW
CryptHashData
CryptCreateHash

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

916d52e7fce48bb5e9a598e1bc705bbf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

winhttp

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 11KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 63KB - Virtual size: 63KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 11KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 63KB - Virtual size: 63KB