7b4cf4ffba7154511232f2bb149269353a26691bfc4af5f8eab89efb1ca740cf

Sharing

Copy URL Twitter E-mail

General

Target

7b4cf4ffba7154511232f2bb149269353a26691bfc4af5f8eab89efb1ca740cf
Size

350KB
MD5

f5c3999c83d78dfb4b27df2423c0df47
SHA1

d05168d9f293efbc9c0e2f268bf0753fc55914be
SHA256

7b4cf4ffba7154511232f2bb149269353a26691bfc4af5f8eab89efb1ca740cf
SHA512

bff773ed8dc10037506c6c8c0483f5e4dc5cdc7c73425011d9ebfa2a4f8b74b126359ec53c92ef1721c5cad9263077ffa16d365da8488041d3ad5c8da825be7e
SSDEEP

768:mXNFwttl/+BMwQqWRat/ygGKQdl1wOKLoox:eNFwttlmTP6gGKQdiow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b4cf4ffba7154511232f2bb149269353a26691bfc4af5f8eab89efb1ca740cf

Files

7b4cf4ffba7154511232f2bb149269353a26691bfc4af5f8eab89efb1ca740cf
.exe windows:4 windows x86 arch:x86

556d31693ca174a1d18fa4022d1b0e1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetVersionExW
GetComputerNameW
Sleep
FreeLibrary
LoadLibraryA
WaitForSingleObject
CreateThread
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
WriteFile
CreateFileW
CreatePipe
WideCharToMultiByte
ReadFile
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
GetCurrentThread
GetLastError
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetSystemInfo
TerminateProcess
MultiByteToWideChar
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetACP
GetCPInfo
SetFilePointer
HeapReAlloc
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

wsprintfW

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
OpenThreadToken

shell32

ShellExecuteW
ShellExecuteA

wininet

InternetReadFile
InternetOpenW
InternetSetOptionW
InternetCloseHandle
InternetConnectA
HttpOpenRequestA

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
inet_addr

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

556d31693ca174a1d18fa4022d1b0e1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

psapi

ws2_32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 12KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 12KB

.shell
Size: 320KB - Virtual size: 320KB