959991c70a9d7da7e3a40bac786aa70f5796a83e8259c9053a56360121f70ef7

Sharing

Copy URL Twitter E-mail

General

Target

959991c70a9d7da7e3a40bac786aa70f5796a83e8259c9053a56360121f70ef7
Size

104KB
MD5

720289c1003a7d3f9b247371467e27d4
SHA1

70ee991079cd402fd33e6d8c6dc34b631a9f4db3
SHA256

959991c70a9d7da7e3a40bac786aa70f5796a83e8259c9053a56360121f70ef7
SHA512

4e483c6f42971bebf433aaf80d4ec436bc74a6432ed475a3251dd5ddc93a4bbb3445bcb095898935081103c2dda79a6355264d06c02367f78b77886e5842879d
SSDEEP

1536:qZKsbBv/ltxajw4ahQHS/ja5hm/WQ9LsmgsngD6DHS/j5zU:aKsF9tLlhQHWa58eELsmgFD6DHW5zU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
959991c70a9d7da7e3a40bac786aa70f5796a83e8259c9053a56360121f70ef7

Files

959991c70a9d7da7e3a40bac786aa70f5796a83e8259c9053a56360121f70ef7
.exe windows:4 windows x86 arch:x86

7871e2133c4150e89c7aea6926604caf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xpcom

NS_StringContainerInit
NS_StringContainerFinish
NS_CStringContainerInit
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_ShutdownXPCOM
NS_GetServiceManager
NS_NewNativeLocalFile
NS_UTF16ToCString
NS_StringContainerInit2
NS_CStringGetData
NS_StringGetData
NS_CStringToUTF16
NS_InitXPCOM2
NS_CStringSetData

xul

XRE_GetBinaryPath
XRE_GetFileFromPath
XRE_main
XRE_FreeAppData
XRE_CreateAppData

nspr4

PR_vsmprintf
PR_SetEnv
PR_Read
PR_Close
PR_Write
PR_GetEnv
PR_snprintf
PR_smprintf_free

plc4

PL_strcasecmp

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
WideCharToMultiByte
ExpandEnvironmentStringsW
MultiByteToWideChar
IsDebuggerPresent
GetCurrentProcessId

user32

MessageBoxW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW

mozcrt19

?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
_unlock
_adjust_fdiv
__setusermatherr
__dllonexit
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsncmp
wcstol
wcspbrk
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_configthreadlocale
_wcsdup
__p__commode
free
wcslen
??_V@YAXPAX@Z
printf
_vswprintf
wcscpy
fprintf
__iob_func
strlen
_snprintf
??3@YAXPAX@Z
malloc
strcmp
memcpy
memset
fclose
??2@YAPAXI@Z
fread
ftell
fseek
_wfopen
_waccess
wcsncat
wcscmp
strcpy
_fullpath
getenv
wcschr

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7871e2133c4150e89c7aea6926604caf

Headers

DLL Characteristics

File Characteristics

Imports

xpcom

xul

nspr4

plc4

kernel32

user32

advapi32

mozcrt19

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 72KB - Virtual size: 69KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 72KB - Virtual size: 69KB

.reloc
Size: 4KB - Virtual size: 1KB