4b7c6aad6b8365211c747df2ba88cdfdf51f9e6c6c85d831ab037bab50856786

Sharing

Copy URL Twitter E-mail

General

Target

4b7c6aad6b8365211c747df2ba88cdfdf51f9e6c6c85d831ab037bab50856786
Size

15.2MB
MD5

c3336f7bcbde91223d59659dc6710cd8
SHA1

1db66a073781eff72af3f3314e198579dd43b59f
SHA256

4b7c6aad6b8365211c747df2ba88cdfdf51f9e6c6c85d831ab037bab50856786
SHA512

279e4b5235df64c8f96cba123068113f45e4ebef0e9d51ceb8caba3362c7dce548a34d65ff6a0a4a46e11e52e6bc84ba24d567179ec25f397a989b87087c57bc
SSDEEP

393216:8LBOZyvDs3o30DcfVdMJsyzz6b6GYlDFVBJ+gO+asI6KaPjJ:8LZvY4kDctXiQH/gIB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b7c6aad6b8365211c747df2ba88cdfdf51f9e6c6c85d831ab037bab50856786

Files

4b7c6aad6b8365211c747df2ba88cdfdf51f9e6c6c85d831ab037bab50856786
.exe windows:6 windows x86 arch:x86

5b217257a4510aeb3d13f6d1373a8d17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

LoadCursorW

gdi32

CreateRectRgnIndirect

winmm

waveOutPause

winspool.drv

ClosePrinter

comdlg32

ChooseColorA

advapi32

OpenServiceA

shell32

SHChangeNotify

ole32

CoInitialize

oleaut32

SafeArrayUnaccessData

ntdll

ZwQuerySystemInformation

shlwapi

StrToIntExW

mprapi

MprConfigServerDisconnect

wininet

InternetCheckConnectionA

rasapi32

RasEnumEntriesA

ws2_32

shutdown

winhttp

WinHttpReadData

gdiplus

GdipDrawImageRectRect

psapi

GetProcessImageFileNameA

advpack

IsNTAdmin

version

VerQueryValueW

dbghelp

MakeSureDirectoryPathExists

comctl32

ord17

Sections

.text
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvmp0
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bvmp1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvmp2
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b217257a4510aeb3d13f6d1373a8d17

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

avifil32

kernel32

user32

gdi32

winmm

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

shlwapi

mprapi

wininet

rasapi32

ws2_32

winhttp

gdiplus

psapi

advpack

version

dbghelp

comctl32

Sections

.text Size: - Virtual size: 2.8MB

.rdata Size: - Virtual size: 11.4MB

.data Size: - Virtual size: 327KB

.msvcjmc Size: - Virtual size: 3KB

.bvmp0 Size: - Virtual size: 5.0MB

.bvmp1 Size: 4KB - Virtual size: 3KB

.bvmp2 Size: 15.2MB - Virtual size: 15.2MB

.rsrc Size: 9KB - Virtual size: 30KB

.text
Size: - Virtual size: 2.8MB

.rdata
Size: - Virtual size: 11.4MB

.data
Size: - Virtual size: 327KB

.msvcjmc
Size: - Virtual size: 3KB

.bvmp0
Size: - Virtual size: 5.0MB

.bvmp1
Size: 4KB - Virtual size: 3KB

.bvmp2
Size: 15.2MB - Virtual size: 15.2MB

.rsrc
Size: 9KB - Virtual size: 30KB