767e4cecf0c7e009ec8edd90fb8d7d5a2650fbc643b902714f7378e170b5409a

Sharing

Copy URL

Twitter E-mail

General

Target

767e4cecf0c7e009ec8edd90fb8d7d5a2650fbc643b902714f7378e170b5409a
Size

416KB
MD5

a5c1fc3bca218a313aca14344cefe206
SHA1

dcb0aaac274f4c1f103f648d1c6d6642ecfeab05
SHA256

767e4cecf0c7e009ec8edd90fb8d7d5a2650fbc643b902714f7378e170b5409a
SHA512

bfc3f591a766428b555b80da1c77496fd24e6905f35a1e8748b43b8e7ba26575f20a4558672e8bcd8ab4e3cefcf1d8c85b9de0acd66c935b5d6ae817bfe2e1ff
SSDEEP

6144:CHHIrZYMEMiJ7WjOEvst6VQahfstiUjJbbv1AOQGnWHapfhlCvQM:CHGTESSEi6VQ2feJXv1qnICvQM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
767e4cecf0c7e009ec8edd90fb8d7d5a2650fbc643b902714f7378e170b5409a

Files

767e4cecf0c7e009ec8edd90fb8d7d5a2650fbc643b902714f7378e170b5409a
.exe windows:5 windows x86 arch:x86

Password: infected

d4eed3bfa40f09c22afd522dd4cd1df5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\SilentUpdater7\Release\ajfhkjjhdffghd.pdb

Imports

kernel32

GetProcessHeap
CompareFileTime
FindNextFileW
GetCurrentProcess
lstrlenW
InterlockedDecrement
TerminateProcess
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
GetVersionExW
OpenProcess
GetVersion
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32NextW
DeleteCriticalSection
Process32FirstW
GlobalFree
CloseHandle
GetSystemInfo
WideCharToMultiByte
GetSystemTime
GetFileTime
WaitForSingleObject
CreateProcessW
GetTempFileNameW
CreateDirectoryW
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
FreeLibrary
SetEndOfFile
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
DeleteFileW
GetLastError
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
HeapFree
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WaitForSingleObjectEx
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
ReadFile
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
LocalFree
SetEvent
ResetEvent

user32

CharLowerBuffW
wvsprintfW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
SHFileOperationW

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VarBstrCmp
SysStringLen
VariantInit
SysFreeString
SysAllocString
SysAllocStringLen
GetErrorInfo
VariantClear

winhttp

WinHttpQueryHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpReadData

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

urlmon

URLDownloadToFileW

userenv

GetUserProfileDirectoryW

rpcrt4

UuidToStringW
UuidCreate

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d4eed3bfa40f09c22afd522dd4cd1df5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

winhttp

psapi

urlmon

userenv

rpcrt4

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 4KB - Virtual size: 7KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 4KB - Virtual size: 7KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 14KB - Virtual size: 14KB