484e5a22e29cb4bc870b1e9d6055f65d5adfb47d2434d3de046450e51bc44e11

Sharing

Copy URL Twitter E-mail

General

Target

484e5a22e29cb4bc870b1e9d6055f65d5adfb47d2434d3de046450e51bc44e11
Size

4.4MB
MD5

b2951a7e5e6419429c3581ec6a35437d
SHA1

0dde5060b5c50e62a19e19070d179e448dd27f7d
SHA256

484e5a22e29cb4bc870b1e9d6055f65d5adfb47d2434d3de046450e51bc44e11
SHA512

ddd85ae5daebfe41b230f165cbbf080bb2e19de1b37222233b317862a5783aada8b09aceb7f04ad89685adde6282abc7588370cbfd25229c6f489a42100a98c0
SSDEEP

98304:OzReJN1e/jmUEGF+Tx5FeR36/bkydLgV1y2LQAxHbG6cjw+DME:OdeJN1wqUeTx5FG36Iydc1IAxHbG6rE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
484e5a22e29cb4bc870b1e9d6055f65d5adfb47d2434d3de046450e51bc44e11

Files

484e5a22e29cb4bc870b1e9d6055f65d5adfb47d2434d3de046450e51bc44e11
.exe windows:4 windows x86 arch:x86

b4bc905431a1ef45b6a07548047e50cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

waveOutPrepareHeader

ws2_32

gethostbyname

kernel32

GlobalReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DeleteMenu

gdi32

SetPolyFillMode

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

CreateILockBytesOnHGlobal

oleaut32

SafeArrayGetElement

comctl32

ImageList_Create

oledlg

ord8

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

��C�z�R��?�f�8DM�2�D�/�Hm�p��Xz�C4�u��G�'�K~ɖ�/C ��~�蚖v�!�caB ղE+�s5|5��+��C�Z+��D7Zm}f��7X\��`©�Mu �n��>�k{*�T�s2��M�U�N�_�4��V�0]kص�[հ��|��Ikn��GՆ�L|�J��o��i��B��=��PͤǓ�g*�J1�ۢZ��Z��c�� 8��v�m�g��f�s6��h\�$��:sf��]�G�j�Q��R(7@�6ߦw�m�^4o��o7�z)s�-�Q��"�y��u�� 1�� g+��6��~P�Y�]W��xW��C"��~�oz��y��B8�]_��:��;��Z*�� s+⡏ ��qKb�=�#�j4�?t��h*��Cb�j`5�� f�� d��UTʰv;�~Q6� ��Rh�7e9q��^�֠U4芚jN{N��:�K��t��]�bdY��#��do&��:�:��ʒ��{��n�(U�.�7 2rb��f��%گ�+J5Ì�j��ƟpQ&�m��(.a�}�`��׫V��i�Dv��B�ɩNW�k��}(_YT. �P��j%��7&2��НZ��>�� ;��f>�TQf��[�G=RY:��sc$�/7D��s��@�j m�l̓��/ &y��- �m"g�<ט�� _�c�ܴ z,ҷ�M��z2�̵��H/�l ��K�5tܠj�6�)��S~�8�"��@��XڴD(��r+�X��3.�dA)�� `�b��q{��'P�_��;�s�jSDq+0�Gk�VZ.g�b� ��tڸ0O�� rz��&�?y�J�b��+c��Wᬬ��Zͨ(R�|�mqX��SU�[Zp��ruڒ��u��\�f��b��v�d��d�� .�񧽝�� C8��l�N��&LP#⹜kF��9#�yZ �[��m[�+��+�n��nZ��_� ��a�[��l�N]�v�c-��-A��C�~� ��v��!��haC��2��C ��})�)��U0��m�Eo��D�vf T ^͌"�5;��>��j��\/9��L�[:��c�o'D ��K/�+ـ��0�`d��xA�>�&�Bu�Wd A�γ��pD�s�EK�a.;/� &�H�Wp?�ΐX�*��"��3- ��t0�7Aj��0��o�3Pg��'|͈�;*},�oպDys�siqW/sf2�[��N�=��9�/��Է2lU߽�e�!xL ʖ�I�N�W,O�B.��E��W�D��=� B+�X04Li�=��b�o�qd�d+,��^E�aC��S�n��6}N�D��+ �S��bG<$��C��>��PEw33W!l��޳6�C�� j7��ϕE��ǰ�<�(�rE=0 � ��+��ɹ�w\G�߸��m�v]�Co0��,}63��ӳ��,�+��Q�0�ҵD�U�-T}��u�ٹ��Ҟt"s�Y��:�u؃2��_-�`�ʯ#�[]��8��3��.Q�:��-��y�馟��΢ �"N_�J�Ve�PmjI��Z򮨘�J�[KpAr��+��3KS�~�%�ZYc�W1�3ՊdΦ��`\�pK�� v��`*8�1��K��vT��*!\�i�SC8҄:�܃u.\�$d��i��J�T)�Ӆ�kBGF�<k2��Z�q�=�T�>��M1��r��T�Ec�@Al m��嗾�@�|�� [;Wt ;M^� ��X��7��K�EcFÏ��v�;��t&iz�(�%7wC_1�<M\�� 6��W�j�gTU !��ߟ��o@��45��Pu�"�aR��Y�� 9s1��Y$g{e�s��ByY!�b��HR�Y�5 ��nR��N��殻��c \�S'}k釫(O��0��I��?��X�Q A�|fblB��IA��{9ӋqČ@��c��.=7_�dUU��RU�[|��^�|�m�� `�+ c_$ee �Ԇ}�*`�9�2 �䶟^�UID�F��]��?��\��aV��ᥢQ��3�wHiÕ{XD/*D��֑��ﰷl�Ӭ��YJ5�v}��:V�<�2�hZK�(t��Yy��m��~�T�(NV �Pɹ�g�Dn/��lBm-��|��.��D�)�q!K��l=�� ؓL&�`�Ta%�,�6�P�.��I�f��?U�q:��>Z��31��F7�l��O(��?5󣞛<�1�{qH28>_��0�;�xv&�vs�E��S��-g�^�S�x�qap2��g�j�t��r^��KM��q.��R3��=��*��|� qy�4�BX��d'Y/isʧXT�ʮ�n��?�Os��ιV�?�T�<6A��1��'M�R��v*{��.*�gf�A[h�Q��u��N� ��M]�3p�#R�g�RAX�Q OP& �I��<��/h�%��&��J�!�2Ekhʎ�*_I��n��lk�p�ū��M��C��YAG��l�ﴍ��]j_��h�3�d+�� C#�� ۀ�Bj�e��R�jz@- ԤA�n�N#��ݼ��w��_Z��N�� b1O� ��,�gN?�C�l��l�QEBf� ��g*=U]pA2��[6�1�W�@�pUF�{�d�{�8.��WfE�#��v�&O�ȃ�o�Ml�)�ɔ0��J��3�Y,��R��|��F�� _k��Jnдff��o��2_z7�� l��6��9�f�,&��Oޅ��!�]�� ě˰�@�

Sections

.text
Size: - Virtual size: 965KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

upx0
Size: - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

upx1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4bc905431a1ef45b6a07548047e50cb

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 965KB

.rdata Size: - Virtual size: 4.4MB

.data Size: - Virtual size: 384KB

upx0 Size: - Virtual size: 362KB

.tls Size: 4KB - Virtual size: 24B

upx1 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 16KB - Virtual size: 1.5MB

.text
Size: - Virtual size: 965KB

.rdata
Size: - Virtual size: 4.4MB

.data
Size: - Virtual size: 384KB

upx0
Size: - Virtual size: 362KB

.tls
Size: 4KB - Virtual size: 24B

upx1
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 16KB - Virtual size: 1.5MB