4ab6e3deea471745859072d4b5c0b5cbd9eb67febae32b2947dd0d34246b3b77

Sharing

Copy URL Twitter E-mail

General

Target

4ab6e3deea471745859072d4b5c0b5cbd9eb67febae32b2947dd0d34246b3b77
Size

13.9MB
MD5

9763e7480daaa59942cfc773e584938a
SHA1

eca3bef22887cc5c07571803a843445b44201613
SHA256

4ab6e3deea471745859072d4b5c0b5cbd9eb67febae32b2947dd0d34246b3b77
SHA512

9f4a00275b35342f6b33da31395fd2acd57aa5accd3ea2d4adbbfeb46e14f514cda3c2f620a6e137115b4fb190862aa7f1ed21fb8c879cee759206e7391d6558
SSDEEP

196608:uTUnBBLdINFWFTxMhsdyYOPccJlxifvtiaKF9H9U6XUd6DW79q94QzglU:uoneNFqTxBUpPccTwHAHhDkn790kl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ab6e3deea471745859072d4b5c0b5cbd9eb67febae32b2947dd0d34246b3b77

Files

4ab6e3deea471745859072d4b5c0b5cbd9eb67febae32b2947dd0d34246b3b77
.exe windows:5 windows x86 arch:x86

7fc43092095a7f179f2f8eafdbe06d8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

iphlpapi

GetAdaptersInfo

winmm

midiStreamRestart

ws2_32

send

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowExA
CharUpperBuffW

gdi32

GetViewportExtEx

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

SafeArrayAccessData

comctl32

ImageList_Destroy

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Exports

Exports

-��v��+DѴg�� q\�F��Ǧ��q�4ᇵ��c��R�V��jW}�iW_a�*��ܓc��.,��nM��K�j��U坬N��>:��{��ɜ��d"��,��f��S�;�8=�f��}W��x�"�_k��S��C�� ȩ��0C��m]�_�{��0�^��AOm*r�&�[��L��@\��=ŨS�R�y�õ��Ǝ��kʰ��Vx��U�0��߉��f��¿�X��:� �jIT�B*��5Z��A��n�ܚ�m�"�*��o�O��9��v1[d��0�Of��t7�� .��֞82��! <��m� {K��"�=��l6Y��rT��>u~��$>D{��v�٣[�GB�t �;ʜM�6�M�4Z�Q��c�� w�:��iY��5��o1#hW_5T��\i)w�!�`��/�>I��$<��]-{TЎ�@��MesO]�N�@��Z��_�N� t� �F�mx�5��M��OPm��`��g��q�e�Vg��5|��͉O��x��|T��H��r1wE��wl��PNe^W+�7=4/h�K�X� }~� ��̂jc�â\50�cIw��ܕ�}��j��MG�h^�$c��6AS��#G�)z٬��;��J�?6g4x�AD:��b��ް2�<�|Hc�L��3/�@��]0��E�N٭-Ⴢ#�s�W=U��+T�q�c�6��%�\��)T��q��d��'��V6��ّ�+Z��7�:|��3��"�`��=wq�j�E��})��뛓�O��l�|L��M��=�CUo</��vW1��`��2��v'�k;)#��sۊ�V\0��J�1�4��s�I��wgH��ïT�l-��{�qd� �1��0{��2k]BG>��Q��⺃+%R��7>k��ix7�m�/n�Y��L[�I�R��ap�Te��Nnv��`�D�7Z1fk��W=�ǘ�EtQ��b�U��>;%�}�-��M8�|�6��_�ʦ\ g��%+r|��c3��mZfJ��ڈ<.$] ��f@3��shhw�wfs��PÑ�_��#��{�� S��a��> (��1��q��i�B�Gq��@x��O��m��n��l>,Cm,b�͗r��'��tWꕿ��t��DR��l��E`kS�nr,��|�؄��w�i��y"�q#��P�J�H�c�H"(o��Ԏ%� Q�67ةޭ{��D�&&��5��)�\M^7��$#'�uk;��d��bu�-2/�@#��%�^t�xr��)�8�!��j��;�G)� �Z �>�Q�L�ԙ��v��w�Y�j��y*�A%�W��bq��@��wAP-��,OG�dJ0*��sk�5�";��k�"��1w�OߣO�V}�_�Tj�D�ٹYR\��,�kf^�h%E�`d��=[/�{�K�k�9��~Cl1h'(��lM��FI��]��5��)�3�z�9m@G��g�+�)H��"Z�z��U��_�M�O:�D�m~ݫP}7/+C��@6��T�Χ| N��]�,�w*�!�N@3-g� J1��e��B��m!ĄR��M��ȇ�<��^-�mh��5�#��Ρ��y�7˿x��Y�!��-�aS��tӘ}��:� �&f�[@!��$mYJce��? ��*:�q��'�KP��(�n��h6uGg.q��25h��\��o��2�S�� 5��R��4�a��3�p��# |�j��?}ג+9��\>�FU3qzc�H��\;'�H.�SE��:��K5btI��M�~.��Y��z\*.=I 2h`@��z��[��uܺg�vX=�<�\��U:{��,�|�~9�� Ĵ�81�f�E�� 6<{��ޭ:a��h@��"�|��+��O��CXT{��eN)$��x<D��[�ĂuL�%+Z��d�ٗ�h��#WWBGdEx��֓[��}B_6��?2�l�`�;R$�]�� u֙E6O7��~v�ۨ��^��խ��0�ZU�+0�I�TK> }�7�%K�'��ݾA��K��|Ϝ��f��-N��h(.�0�Y��'S��H6�MSe2��]JSk��܉�'�%`Ɩ[�k��I�)�gv�je�d\R(�֑�ʽ��N+g@F��SD4�A)�*�іsC�L-��#��!�i ��9rJ>�tD�G0wq�=�s�*�l�._�@lr�5��K�p�P�.�I�D�A��ֹ�c�$'a�2��\&��p��L��Z��Bזt{vЩ�_�YQ��>�x d1`�d)y�Y�l��Y;?�n5~�Z��:��f�j�M��o��B':⌀uixd��/��K�,4�7sE� 8��"Dr8��ݮ��1��,a�9��/�l��f:��S�H�1��cc�P�F��zC��#0'c��`O�hv��'.j��Y��k�`��_ou��9��(}ӊS+�Rh7{��n��M��W`ՔEV<�1�?H�A.WݚGS�Y��y�i��CB��F�p�4G4"�BP3�ca665��\��*l�΢i�j�Y*� �+�H�b��_~��<I`�(�:�?��֤�To8�<�Y3= �L39O�ݑX��X�τ�t�6�\�;��+hWB}��V��w��l�� ϸ�Iv��[�e��ցJe�tOF @�`�X��#(��〬�o��K�u��]�H*<L:��w��b/h��g5ߝy�~��7߶_Т��a]uu��8��5�;�Ƙ��5��e_�f7ꙺh�5��hk��N� �bɹ�i�

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bYK
Size: - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.i1|
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^>+
Size: 13.9MB - Virtual size: 13.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fc43092095a7f179f2f8eafdbe06d8b

Headers

File Characteristics

Imports

rasapi32

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 4.9MB

.data Size: - Virtual size: 1.2MB

.bYK Size: - Virtual size: 8.4MB

.i1| Size: 4KB - Virtual size: 2KB

.^>+ Size: 13.9MB - Virtual size: 13.9MB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 4.9MB

.data
Size: - Virtual size: 1.2MB

.bYK
Size: - Virtual size: 8.4MB

.i1|
Size: 4KB - Virtual size: 2KB

.^>+
Size: 13.9MB - Virtual size: 13.9MB

.rsrc
Size: 72KB - Virtual size: 68KB