1401626c6bc3cdd0854e0a788ada4040[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1401626c6bc3cdd0854e0a788ada4040.exe
Size

544KB
MD5

1401626c6bc3cdd0854e0a788ada4040
SHA1

d042c49f27f314a5f8e0eb339a2c854bcba197ab
SHA256

f925e412465eb58c78d0ca8d4bd2716e03024fbc2dab07c4fcd1c9b73aaf1e39
SHA512

2aeed1198c16d1d5f98bab863f797908f3a6432b23301d9e19b76b4db338e36320ac6ac63d524a4161285c4813de1fe6b7c56db473e6361bb7446913b72b5931
SSDEEP

6144:ulsT49Wok+oFG3LhZ3cNS5aSQVAy5UspjjlxqvAE4nQHS2:ulsTokudZ3cNS5aSQVAyUKjjKAEWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1401626c6bc3cdd0854e0a788ada4040.exe

Files

1401626c6bc3cdd0854e0a788ada4040.exe
.exe windows:4 windows x86 arch:x86

ff18f462e3ec5c813c8d77e8ea15dc4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
UnhandledExceptionFilter
ReadFile
WideCharToMultiByte
CloseHandle
FlushFileBuffers
GetCurrentProcess
TerminateProcess
InterlockedIncrement
LoadLibraryA
GetProcAddress
FreeEnvironmentStringsW
InterlockedDecrement
WriteFile
DebugBreak
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapValidate
IsBadReadPtr
IsBadWritePtr
DeleteFileA
GetLastError
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
CreateFileA
LCMapStringA
LCMapStringW
RaiseException
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalMemoryStatus
_lwrite
_lopen
_lread
_llseek
_lclose
GlobalFree
GlobalAlloc
GetTickCount
lstrlenA
GlobalHandle
GlobalUnlock
GlobalReAlloc
OutputDebugStringA
GlobalLock

user32

GetMessageA
PeekMessageA
TranslateMDISysAccel
TranslateAcceleratorA
TranslateMessage
FindWindowA
GetDesktopWindow
LoadAcceleratorsA
EnableWindow
GetDlgItem
SetDlgItemTextA
LoadIconA
LoadStringA
wvsprintfA
DispatchMessageA
wsprintfA
MessageBoxA
SetCursor
LoadCursorA
CheckDlgButton
PostMessageA
IsDlgButtonChecked
SetFocus
IsWindowEnabled
SetTimer
WinHelpA
KillTimer
DestroyWindow
CreateDialogParamA
UpdateWindow
ShowWindow
EndDialog
DialogBoxParamA
CallWindowProcA
SendMessageA
GetParent
GetWindowLongA
GetDlgItemTextA
SendDlgItemMessageA
SetWindowLongA
PtInRect
GetCursorPos
GetWindowRect
InvalidateRect
SetWindowTextA
GetSystemMetrics
ReleaseDC
GetDC
GetDoubleClickTime
IsIconic
EndPaint
SetWindowPos
GetSysColor
GetClientRect
BeginPaint
DefMDIChildProcA
GetActiveWindow
SetDlgItemInt
GetWindowTextA
GetDlgItemInt
SetScrollPos
SetScrollRange
FillRect
IsDialogMessageA
BringWindowToTop
GetWindow
ModifyMenuA
CheckMenuItem
EnableMenuItem
AppendMenuA
DeleteMenu
GetSubMenu
RegisterClassA
DestroyCursor
PostQuitMessage
CreateWindowExA
DefFrameProcA
GetMenu

gdi32

StretchBlt
DeleteObject
DeleteDC
GetStockObject
SetBkColor
SetTextColor
GetTextMetricsA
Rectangle
SetStretchBltMode
SetPixel
LineTo
MoveToEx
CreateCompatibleBitmap
TextOutA
SetTextAlign
SetBkMode
CreateFontIndirectA
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBitmap
RealizePalette
SelectPalette
CreatePen
CreateSolidBrush
CreatePalette

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

winmm

waveOutPrepareHeader
mmioAdvance
mmioGetInfo
mmioAscend
mmioWrite
mmioClose
mmioCreateChunk
mmioOpenA
waveInClose
waveInUnprepareHeader
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInGetErrorTextA
waveOutClose
waveOutReset
waveInOpen
waveInReset
waveOutGetErrorTextA
waveOutOpen
waveOutUnprepareHeader
waveOutPause
waveOutRestart
mmioRead
mmioDescend
waveOutWrite
waveOutSetVolume
mmioSetInfo

wsock32

ntohl
send
sendto
gethostbyaddr
WSAAsyncGetHostByAddr
gethostname
closesocket
connect
htons
WSAAsyncSelect
htonl
WSACancelAsyncRequest
setsockopt
select
inet_addr
gethostbyname
ioctlsocket
WSAAsyncGetHostByName
ntohs
recvfrom
socket
WSAStartup
WSACleanup
WSASetLastError
recv
bind
WSAGetLastError
shutdown

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff18f462e3ec5c813c8d77e8ea15dc4b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

winmm

wsock32

advapi32

Sections

.text Size: 224KB - Virtual size: 220KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 16KB - Virtual size: 197KB

.rsrc Size: 280KB - Virtual size: 277KB

.text
Size: 224KB - Virtual size: 220KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 197KB

.rsrc
Size: 280KB - Virtual size: 277KB