f94ad0514e5824406f45efccef7b05eaa1e91df9d883eb095c1d9f36d8c53869

Sharing

Copy URL Twitter E-mail

General

Target

f94ad0514e5824406f45efccef7b05eaa1e91df9d883eb095c1d9f36d8c53869
Size

4.0MB
MD5

d6ceb06a654da7bac0e1ecc37bcbab72
SHA1

57ce1141f4d91c618e809bfc90b311045aa8fa8f
SHA256

f94ad0514e5824406f45efccef7b05eaa1e91df9d883eb095c1d9f36d8c53869
SHA512

432d31aba3ea177942df824cfc4ac0c247892bae656a65e1a53e7022b0e6500351f57da7076e5878d6a4ce6e4d5ac4619e753d069e6ec34aa030b250108ee815
SSDEEP

98304:nejuFFJ8WdTHxJzhtKH/tCuJF4s9J/+WzPnAt42:neyp8W1brKH/tFF40LzIH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f94ad0514e5824406f45efccef7b05eaa1e91df9d883eb095c1d9f36d8c53869

Files

f94ad0514e5824406f45efccef7b05eaa1e91df9d883eb095c1d9f36d8c53869
.exe windows:6 windows x86 arch:x86

9ca646d74e4d6b143e24f528ee0318a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrRetToBufW

version

VerQueryValueW

user32

GetDC

psapi

GetProcessImageFileNameW

oleaut32

VariantInit

advapi32

FreeSid

msvcrt

_gcvt

rasapi32

RasEnumConnectionsW

winhttp

WinHttpOpen

sqlite3

sqlite3_free

wsock32

bind

gdi32

Pie

mpr

WNetGetConnectionW

winmm

timeGetTime

wininet

InternetOpenW

comdlg32

PrintDlgW

comctl32

ImageList_Add

shell32

SHGetMalloc

wjslib

WJSOpen

ole32

OleDraw

iphlpapi

GetIfEntry

ntdll

NtDeleteFile

powrprof

SetSuspendState

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
madTraceProcess

Sections

Size: 3.8MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ca646d74e4d6b143e24f528ee0318a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

version

user32

psapi

oleaut32

advapi32

msvcrt

rasapi32

winhttp

sqlite3

wsock32

gdi32

mpr

winmm

wininet

comdlg32

comctl32

shell32

wjslib

ole32

iphlpapi

ntdll

powrprof

Exports

Exports

Sections

Size: 3.8MB - Virtual size: 16.0MB

Size: 6KB - Virtual size: 5KB

.rsrc Size: 182KB - Virtual size: 181KB

.rsrc
Size: 182KB - Virtual size: 181KB