4582db46ecec32ccf0640df2ea2cd3b4720bb20124b77c909450bc340003ee74

Sharing

Copy URL Twitter E-mail

General

Target

4582db46ecec32ccf0640df2ea2cd3b4720bb20124b77c909450bc340003ee74
Size

63KB
MD5

c510e425f8bc1e39d37493db886dbffe
SHA1

af5120c8d6bfe8d4e2e27b0736073dcf26071e0c
SHA256

4582db46ecec32ccf0640df2ea2cd3b4720bb20124b77c909450bc340003ee74
SHA512

6925054dbfba4e04ff008ad4260587fd31f3b7f29f0529dd8dd13dd3b01015fdab797bbba838a12da5057efd5aa1cf47bccfd64e2f624c00fcb1b6e15f613f40
SSDEEP

1536:qZy2HsHdHihgA1T91XXaY2p7rk6HSrtrRAV:qZyUaih5fCp7rk6HSrBRAV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4582db46ecec32ccf0640df2ea2cd3b4720bb20124b77c909450bc340003ee74

Files

4582db46ecec32ccf0640df2ea2cd3b4720bb20124b77c909450bc340003ee74
.exe windows:5 windows x86 arch:x86

a3f55b894389850d36c415a321707043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cipher.pdb

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_wcsnicmp
printf
_except_handler3
memcpy
memset
wcscpy
wcscat
fgetws
towupper
_iob
fgets
_putws
wcscmp
malloc
free
swprintf
_wcsicmp
wcschr
wcslen
_get_osfhandle

advapi32

SetUserFileEncryptionKey
QueryUsersOnEncryptedFile
CryptGetUserKey
FreeEncryptionCertificateHashList
CryptAcquireContextW
CryptGenKey
GetUserNameW
CryptDestroyKey
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
DecryptFileW
RegCloseKey
EncryptFileW

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleW
GetVersionExA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
SetLastError
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
GetConsoleMode
GetStdHandle
GetFileType
LocalFree
WriteFile
LocalAlloc
WideCharToMultiByte
lstrlenW
WriteConsoleW
FormatMessageW
lstrcpyW
lstrcatW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetFileAttributesW
GetComputerNameW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
CloseHandle
CreateFileW
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
SetErrorMode
EnterCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
GetConsoleOutputCP
lstrlenA
SetConsoleMode
DeleteCriticalSection
VirtualAlloc
InitializeCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InterlockedExchangeAdd
VirtualFree
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
SetEndOfFile
SetFilePointer
RemoveDirectoryW
FlushFileBuffers
GetTempFileNameW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
VerifyVersionInfoW
VerSetConditionMask
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
QueryPerformanceCounter

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

shell32

CommandLineToArgvW

user32

wsprintfW
MessageBoxW

crypt32

CertOpenStore
CertCloseStore
CertAddCertificateContextToStore
PFXExportCertStoreEx
CertStrToNameW
CertCreateSelfSignCertificate
CertFreeCertificateContext
CryptEncodeObject
CertFindCertificateInStore
CertGetCertificateContextProperty

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3f55b894389850d36c415a321707043

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

rpcrt4

shell32

user32

crypt32

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 20KB - Virtual size: 84KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 20KB - Virtual size: 84KB