X:\Work\PeCancer2009\Versions\pdb\Release\XShell32.pdb
Static task: static1

Behavioral task: behavioral1
  Sample: f4a4ba569b3a5de40f22bbc2c7075c65040e3f6fc5bd78b87eafe18ad3946a4cN.dll
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: f4a4ba569b3a5de40f22bbc2c7075c65040e3f6fc5bd78b87eafe18ad3946a4cN.dll
  Resource: win10v2004-20240802-en
General
  Target: f4a4ba569b3a5de40f22bbc2c7075c65040e3f6fc5bd78b87eafe18ad3946a4cN
  Size: 243KB
  MD5: 17a94618553d602b5c293246ea6717e0
  SHA1: 825f78dddf11222c5d4623dc81d4e93a0abaa0c6
  SHA256: f4a4ba569b3a5de40f22bbc2c7075c65040e3f6fc5bd78b87eafe18ad3946a4c
  SHA512: 36dc6f0e7b9119149278a9b4bccd1cfdf53ea6dea12ec5752373e1640855eec41405d6e371019544c45a1f46f191ab943d0122493748a9e65bd49311f1b8e304
  SSDEEP: 3072:s+SjiShIcGAQIwevNERTM/l2RKLsJrZrrTmKXg52LGgxr9l1:swShRQresrLrraanLGO3
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: f4a4ba569b3a5de40f22bbc2c7075c65040e3f6fc5bd78b87eafe18ad3946a4cN
Files
  f4a4ba569b3a5de40f22bbc2c7075c65040e3f6fc5bd78b87eafe18ad3946a4cN.dll  windows:5 windows x86 arch:x86
  e1afe69969c3055231a3382326e28fb3
Headers
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
    IMAGE_FILE_DLL
  PDB Paths
Imports
  kernel32
    VirtualAlloc
    VirtualFree
    LoadLibraryA
    GetProcAddress
    SetUnhandledExceptionFilter
    GetModuleFileNameA
    CreateFileA
    ReadFile
    CloseHandle
    SetFilePointer
    ResumeThread
    VirtualProtect
    CreateFileMappingA
    GetFileSize
    MapViewOfFile
    UnmapViewOfFile
    GetCurrentProcess
    EnterCriticalSection
    LeaveCriticalSection
    InitializeCriticalSection
    FlushFileBuffers
    GlobalReAlloc
    WriteConsoleW
    GetConsoleOutputCP
    WriteConsoleA
    SetStdHandle
    LCMapStringW
    LCMapStringA
    GetStringTypeW
    MultiByteToWideChar
    GetStringTypeA
    GetLocaleInfoA
    GetConsoleMode
    GetConsoleCP
    InitializeCriticalSectionAndSpinCount
    IsValidCodePage
    GetOEMCP
    GetACP
    GetCPInfo
    GlobalUnlock
    GlobalLock
    GlobalAlloc
    GetLocalTime
    GetModuleHandleA
    FormatMessageA
    CreateThread
    GetTickCount
    ExitProcess
    Sleep
    InterlockedExchange
    TerminateProcess
    UnhandledExceptionFilter
    IsDebuggerPresent
    HeapAlloc
    GetLastError
    HeapFree
    GetCurrentThreadId
    GetCommandLineA
    RaiseException
    RtlUnwind
    GetModuleHandleW
    TlsGetValue
    TlsAlloc
    TlsSetValue
    TlsFree
    InterlockedIncrement
    SetLastError
    InterlockedDecrement
    HeapSize
    DeleteCriticalSection
    HeapReAlloc
    HeapCreate
    HeapDestroy
    WriteFile
    GetStdHandle
    SetHandleCount
    GetFileType
    GetStartupInfoA
    FreeEnvironmentStringsA
    GetEnvironmentStrings
    FreeEnvironmentStringsW
    WideCharToMultiByte
    GetEnvironmentStringsW
    QueryPerformanceCounter
    GetCurrentProcessId
    GetSystemTimeAsFileTime
  user32
    MessageBoxA
    DispatchMessageA
    TranslateMessage
    GetMessageA
    SetTimer
    UpdateWindow
    ShowWindow
    SetWindowRgn
    GetDC
    CreateWindowExA
    GetSystemMetrics
    SetRect
    RegisterClassExA
    LoadCursorA
    DefWindowProcA
    KillTimer
    DestroyWindow
    PostQuitMessage
    EndPaint
    BeginPaint
    DialogBoxIndirectParamA
    CloseClipboard
    SetClipboardData
    EmptyClipboard
    OpenClipboard
    GetWindowTextA
    GetDlgItem
    SetWindowTextA
  gdi32
    DeleteObject
    CreateDIBitmap
    DeleteDC
    CombineRgn
    ExtCreateRegion
    BitBlt
    SelectObject
    CreateDIBSection
    GetObjectA
    CreateCompatibleDC
    StretchDIBits
Sections
  .text   Size: 95KB - Virtual size: 96KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .more   Size: 512B - Virtual size: 4KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .edata  Size: 107KB - Virtual size: 112KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .reloc  Size: 39KB - Virtual size: 40KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ