40ccbb80f9913c0010862f5a332466b7c9f4e2ad53b133a8e8d21b204e92942d[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

40ccbb80f9913c0010862f5a332466b7c9f4e2ad53b133a8e8d21b204e92942d.exe
Size

57KB
MD5

881a26f6b12b60b6d953410f5d44a4e0
SHA1

387d0ba7f5387f9258a43a77218d91fa0d1ad33a
SHA256

40ccbb80f9913c0010862f5a332466b7c9f4e2ad53b133a8e8d21b204e92942d
SHA512

28f54339222e93302299a49acc7fefef7fc327f4f1d55f504895c115ce5b5ee66ac6d50eb85267a90f6c34cfe0aea502db07c5083964b357532a4c031df2385d
SSDEEP

768:jcxTS46lbHeV1CLEBV8twdnO7gkXmcxT6:jcxTS4wBI8tUsmcxT6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40ccbb80f9913c0010862f5a332466b7c9f4e2ad53b133a8e8d21b204e92942d.exe

Files

40ccbb80f9913c0010862f5a332466b7c9f4e2ad53b133a8e8d21b204e92942d.exe
.dll windows:4 windows x86 arch:x86

b4419ffa0a011445bb4ad0c56c76d979

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
OpenEventA
CreateEventA
GetModuleFileNameA
DeviceIoControl
DeleteFileA
GetCPInfoExA
GetACP
TerminateThread
SetEndOfFile
SetComputerNameW
ResumeThread
ExitProcess
ExitThread
OpenProcess
GetCurrentProcess
GetLastError
VerLanguageNameA
TerminateProcess
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualFree
VirtualAlloc
CreateThread
Sleep
GetTempPathA
CreateFileA
WriteFile
CreateProcessA
GetLocalTime
GetTickCount
VerLanguageNameW
CreateToolhelp32Snapshot
Process32First
Process32Next
DisableThreadLibraryCalls
CloseHandle

user32

GetWindowThreadProcessId
wsprintfA
PostMessageA
GetWindowTextA
EnumWindows
GetMessageA
PostThreadMessageA
GetInputState

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

gdi32

GetBkColor
GetBkMode

advapi32

LookupPrivilegeValueA
RegCloseKey
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
ControlService
OpenServiceA
DeleteService
OpenSCManagerA

shell32

ShellExecuteExW

msvcrt

time
_strlwr
strrchr
strstr
__CxxFrameHandler
srand
memcpy
sprintf
strcpy
strcat
strlen
??3@YAXPAX@Z
memset

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueIndexA
VerQueryValueIndexW
VerQueryValueW

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4419ffa0a011445bb4ad0c56c76d979

Headers

File Characteristics

Imports

kernel32

user32

wininet

gdi32

advapi32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.code Size: 1024B - Virtual size: 714B

.pata Size: 4KB - Virtual size: 4KB

.uata Size: 4KB - Virtual size: 4KB

.rata Size: 4KB - Virtual size: 4KB

.zata Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 34KB - Virtual size: 33KB

.code
Size: 1024B - Virtual size: 714B

.pata
Size: 4KB - Virtual size: 4KB

.uata
Size: 4KB - Virtual size: 4KB

.rata
Size: 4KB - Virtual size: 4KB

.zata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB