fax_2014_05_21_1F9765468C[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fax_2014_05_21_1F9765468C.exe
Size

78KB
MD5

90bbdcc5085a9da77624bd2661f3f384
SHA1

f6111392b465d17bbe7e10bba5317f38d3ef3e1d
SHA256

ce32c738e9a7dbc5fe0eedf68593e3d6f03f0e740d86511349c8ae1f69edb577
SHA512

ed6a86666ebfa2104a7177a022aa21614b71d77de9e1fdce29a8d63b38e174b5f9b24d027c11084bdc24657533b874d135263cbde8f8fc4b36d92b0ba3824da0
SSDEEP

1536:RjbGQwscfEr3o4j2q/gAiIcFW+oXel/xKu5AH9H:RjgscfAo4j22E7oOfqHF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fax_2014_05_21_1F9765468C.exe

Files

fax_2014_05_21_1F9765468C.exe
.exe windows:4 windows x86 arch:x86

0f43ae7fdf5eeb322bff0809b198c5db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
DialogBoxParamA
SendMessageA

kernel32

SystemTimeToTzSpecificLocalTime
ExitProcess
GetProcAddress

msvcrt

_ismbbkpunct
_fcvt
wcspbrk
_mbsnbicmp
_initterm
sprintf
_getdrives
_filbuf
_wgetcwd
_Getdays
_adj_fdivr_m64
exp
_getdrive
_heapchk
_lrotl
_j1
_localtime64
_flsbuf
wcstombs
_mbscspn
_pipe
_ctype
_EH_prolog
_futime64
_wpopen
_fileno
_mktemp
_fpieee_flt
_heapwalk
_getdllprocaddr
_inpd
_getsystime
_inpw
_clearfp
_mbctokata
_fullpath
__p__commode
vswprintf
mbtowc
_ecvt
isalpha
_fdopen
_seh_longjmp_unwind
_endthread
_getche
_ismbcspace
_filelengthi64
frexp
__p__iob
_mbsrchr
_wrename
_wchdir
_expand
_itoa
_mbcjmstojis
wcsrchr
_ui64tow
__wgetmainargs
_pwctype
_mbsninc
_setsystime
_ismbcdigit
__fpecode
_makepath
__p___initenv
_copysign
_yn
__p__winver
_mbstok
_wstati64
__p__fmode
_adj_fdivr_m16i
wcschr
_commode
wcstol
__p___wargv
iscntrl
_assert
_kbhit
_mbsncpy
strncat
_wtoi
_adj_fprem1
islower
__lc_handle
_ismbcgraph
_putenv
__argc
_CItanh
_mbsnset
_mbspbrk
_wspawnlpe
__mb_cur_max
__p___mb_cur_max
_toupper
_adj_fdiv_m32
_lsearch
wcsspn
wcsncat
_mbsnicoll
_outp
strncmp
__RTCastToVoid
_open
time
_callnewh
pow
wcscpy
_cscanf
_mbctombb
_getmaxstdio
sqrt
isprint
_ftime
_ctime64
strcat
scanf
_isatty
_ismbcl1
_CIasin
_mbbtombc
_fcloseall
fscanf
_adj_fdivr_m32i
_CIsinh
_fpclass
_lfind
_wfullpath
_wexecl
__STRINGTOLD
_cabs
_spawnvpe
_ismbbprint
iswprint
_waccess
__iscsymf
_hypot
_stati64

shlwapi

PathGetArgsW
UrlApplySchemeA
UrlCombineA
SHRegEnumUSValueA
PathIsDirectoryA
PathMakePrettyA
PathCreateFromUrlW
PathRemoveArgsW
PathRemoveBackslashW
StrStrW
StrCmpW
PathCreateFromUrlA
StrRetToStrW
StrCpyNW
PathCommonPrefixA
SHCopyKeyA
StrChrIW
IntlStrEqWorkerA
PathMatchSpecW
PathStripToRootW
PathUndecorateW
PathBuildRootA
ColorAdjustLuma
StrRChrA
SHRegGetPathA
PathQuoteSpacesW
PathAddExtensionA
SHSetThreadRef
PathParseIconLocationW
SHRegDeleteEmptyUSKeyW
AssocQueryKeyW
PathRemoveFileSpecW
PathRemoveBlanksA
SHCreateStreamOnFileA
SHRegOpenUSKeyW
PathSkipRootA
StrIsIntlEqualA
UrlIsA
PathRemoveFileSpecA
SHOpenRegStreamW
StrFormatByteSize64A
PathMakePrettyW
PathAddBackslashA
StrCmpNA
PathSetDlgItemPathW
PathIsDirectoryEmptyW
PathAppendW
SHDeleteValueW
SHRegCloseUSKey
SHRegCreateUSKeyA
PathIsRelativeW
StrCmpIW
PathRemoveExtensionW
SHRegEnumUSKeyW
PathIsNetworkPathW
SHOpenRegStream2A
SHDeleteOrphanKeyW
StrPBrkW
PathIsUNCServerA
PathIsDirectoryEmptyA
SHRegDeleteUSValueW
StrCatW
SHSetValueA
SHDeleteEmptyKeyW
PathUnquoteSpacesA
PathIsUNCServerW
StrCmpNIA
SHRegGetUSValueA
PathIsLFNFileSpecA
SHGetThreadRef
PathStripPathW
PathRelativePathToW
UrlCanonicalizeW
UrlCompareW
SHEnumKeyExW
PathRemoveExtensionA
PathGetArgsA
StrToIntExA
PathIsDirectoryW
PathCommonPrefixW
PathIsNetworkPathA
PathGetCharTypeW
PathIsFileSpecW
StrFormatByteSizeW
SHOpenRegStream2W
StrToIntW
StrRetToBufW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f43ae7fdf5eeb322bff0809b198c5db

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

shlwapi

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 14KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 12KB

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 14KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 12KB