6851015438b6c3a822799bd898e286fc7a1304a7f0ec2f51e201a16a78ed151c

Sharing

Copy URL Twitter E-mail

General

Target

6851015438b6c3a822799bd898e286fc7a1304a7f0ec2f51e201a16a78ed151c
Size

1.9MB
MD5

137e5abdc3a6566d542296354dee701a
SHA1

43136e21cd40dcd2c7cdf25a805da7f2d7ec035b
SHA256

6851015438b6c3a822799bd898e286fc7a1304a7f0ec2f51e201a16a78ed151c
SHA512

3858f30eb77c0fd73234d4c8599cbca5c699597ce581db5859c30094948992f545eb476955790e28be6cd48c2ef775e47a7733d1169ea0a368b8262c30e6e1e4
SSDEEP

49152:vtltfP8gWS5BSHj01thR6j+0SidQWwaxlR23Ktgq0T:vt3rhBSHj01th80ieWwaxlkq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6851015438b6c3a822799bd898e286fc7a1304a7f0ec2f51e201a16a78ed151c

Files

6851015438b6c3a822799bd898e286fc7a1304a7f0ec2f51e201a16a78ed151c
.exe windows:4 windows x86 arch:x86

127c2edbc090a11745b40101b0d9c1f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderLocation
SHGetDiskFreeSpaceA
SHFileOperation
SHLoadInProc
SHGetSpecialFolderPathW
CheckEscapesW
CommandLineToArgvW
SHChangeNotify
SHUpdateRecycleBinIcon
ExtractAssociatedIconExW
SHGetPathFromIDListW
DragQueryFile
SHInvokePrinterCommandW
ExtractIconA
SHFormatDrive
SHFreeNameMappings
SHEmptyRecycleBinW
SheChangeDirA
SHQueryRecycleBinW
SHGetFileInfoA
SHBrowseForFolderA
SheChangeDirExW

advapi32

CryptVerifySignatureW
CryptCreateHash
RegDeleteValueW
RegSaveKeyA
CryptVerifySignatureA
RegLoadKeyW
CryptEnumProvidersW
RegCreateKeyA
CryptSetProviderW
LogonUserW
RegCreateKeyExA

wininet

RunOnceUrlCache
InternetTimeFromSystemTimeW
HttpEndRequestW
InternetGoOnlineW
GetUrlCacheConfigInfoA
FtpFindFirstFileA
SetUrlCacheGroupAttributeW
InternetSetOptionExW
FtpRemoveDirectoryW
SetUrlCacheEntryGroupA
RetrieveUrlCacheEntryFileA
FindNextUrlCacheContainerW
FtpSetCurrentDirectoryA
UnlockUrlCacheEntryFileA
ShowX509EncodedCertificate
FindFirstUrlCacheContainerW
GopherOpenFileW

comdlg32

GetFileTitleW
PageSetupDlgA
ChooseColorW

kernel32

GetModuleFileNameW
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
GetUserDefaultLCID
InterlockedExchange
VirtualProtect
GetModuleFileNameA
GetCurrentThreadId
CompareStringW
GetCPInfo
GetTimeFormatA
GetProcAddress
TlsSetValue
GetCommandLineA
CompareStringA
GetStartupInfoA
GetEnvironmentStringsW
IsBadWritePtr
SetLastError
GetSystemInfo
GetVersionExA
HeapAlloc
lstrcatW
CreateWaitableTimerW
GetStringTypeW
LCMapStringA
TlsGetValue
GetCurrentThread
SetHandleCount
HeapSize
DeleteCriticalSection
EnumSystemLocalesA
LeaveCriticalSection
HeapReAlloc
GetStringTypeA
GetStartupInfoW
HeapCreate
GetDateFormatA
GetCurrentProcessId
MultiByteToWideChar
IsValidLocale
GetLocaleInfoW
WriteFile
GetSystemTimeAsFileTime
GetLocaleInfoA
InitializeCriticalSection
HeapFree
GetTickCount
GetLastError
GetEnvironmentStrings
GetACP
GetOEMCP
LocalHandle
ExitProcess
GetCommandLineW
IsValidCodePage
VirtualFree
FreeEnvironmentStringsW
TlsFree
QueryPerformanceCounter
TlsAlloc
LCMapStringW
EnterCriticalSection
GetFileType
SetEnvironmentVariableA
LoadLibraryA
WideCharToMultiByte
GetModuleHandleA
FindResourceA
RtlUnwind
TerminateProcess
GetTimeZoneInformation
VirtualQuery
HeapDestroy
GetStdHandle
GetCurrentProcess

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

127c2edbc090a11745b40101b0d9c1f8

Headers

File Characteristics

Imports

shell32

advapi32

wininet

comdlg32

kernel32

Sections

.text Size: 107KB - Virtual size: 107KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 107KB - Virtual size: 107KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 9KB - Virtual size: 8KB