4a20a8e68ac43f4a35d7272d98d61889ddb16b493a739ef2aeac035682dc95b5

Sharing

Copy URL Twitter E-mail

General

Target

4a20a8e68ac43f4a35d7272d98d61889ddb16b493a739ef2aeac035682dc95b5
Size

890KB
MD5

e0153f37fcdcacaf864387c0ef11c11f
SHA1

514ebd186a8d8bd277d78c21a9da66dad81b123e
SHA256

4a20a8e68ac43f4a35d7272d98d61889ddb16b493a739ef2aeac035682dc95b5
SHA512

1b30f693c94650e0a85451ac1fcc8a81503261150a1501f502c706ea720feb6e2ae028d0ad4c6aec3701e64072aa53dc5eca7d272f89ef97c68a1809661c70b1
SSDEEP

24576:X79VNf2FfWl8KuqGavkg3NyNIbbbIoIBAUZLYm:LV+s8KuqGaX0ToIBAUZLYm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a20a8e68ac43f4a35d7272d98d61889ddb16b493a739ef2aeac035682dc95b5

Files

4a20a8e68ac43f4a35d7272d98d61889ddb16b493a739ef2aeac035682dc95b5
.exe windows:4 windows x86 arch:x86

b3e17fbfdb822f0d582db18af4c943ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
GetModuleFileNameA
GetTickCount
DeleteFileA
CopyFileA
MoveFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetEnvironmentVariableA
Sleep
CloseHandle
WaitForSingleObject
CreateProcessA
HeapFree
ReadConsoleA
GetStdHandle
GetLocalTime
CreateFileA
SetFilePointer
GetFileSize
WriteFile
GetCommandLineA
LCMapStringA
HeapReAlloc
GetACP
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
GetStartupInfoA
CreateDirectoryA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle

msvcrt

modf
malloc
realloc
free
__CxxFrameHandler
memmove
printf
strstr
_errno
abort
strcmp
memset
memcmp
strlen
strncmp
strncpy
_ftol
atoi
srand
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
sprintf
_getch
rand
_strdup

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA

shlwapi

PathFileExistsA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 800KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b3e17fbfdb822f0d582db18af4c943ad

Headers

File Characteristics

Imports

kernel32

wininet

msvcrt

user32

shlwapi

advapi32

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 800KB - Virtual size: 800KB

.data Size: 4KB - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 660B

.text Size: 512B - Virtual size: 511B

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 800KB - Virtual size: 800KB

.data
Size: 4KB - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 660B

.text
Size: 512B - Virtual size: 511B