Static task
static1
Behavioral task
behavioral1
Sample
cf184c7e75c571ec3505f603858e6224a6c7fca8ae205ee742c8b8b1fa470a2eN.exe
Resource
win7-20240903-en
General
Target
cf184c7e75c571ec3505f603858e6224a6c7fca8ae205ee742c8b8b1fa470a2eN
Size
372KB
MD5
f23c3cf8ab865a853ef57fa9dd3ec7f0
SHA1
bdfddc99f3f60419443d01d36b9fc10d2d7a610a
SHA256
cf184c7e75c571ec3505f603858e6224a6c7fca8ae205ee742c8b8b1fa470a2e
SHA512
de4ec66446c9d890b03c98c5447653e687331407e64baf3d3d9fce9dbd61c663d7f85ad077c82d0dc58c9c03be690742df8d0bb5ba02ab008b7a68384a5278db
SSDEEP
6144:IvmR5yeeOO0GzLZIBMvCq5MQVPnSWnNZ5PCdEuelCKGjRek+NFlqWh:56eUzJCiSYNLPAEZCIkcB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cf184c7e75c571ec3505f603858e6224a6c7fca8ae205ee742c8b8b1fa470a2eN
Files
cf184c7e75c571ec3505f603858e6224a6c7fca8ae205ee742c8b8b1fa470a2eN.exe windows:4 windows x86 arch:x86
02290058a7a86d71e3a3b56aa9de9bcd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CreateWindowExA
DeferWindowPos
OpenIcon
WindowFromPoint
IsWindowUnicode
GetWindowThreadProcessId
GetParent
BeginDeferWindowPos
SetWindowPlacement
GetDlgItemTextA
CascadeWindows
GetTopWindow
gdi32
CancelDC
CopyEnhMetaFileA
ChoosePixelFormat
CreateCompatibleBitmap
BitBlt
CopyMetaFileA
CombineTransform
GetBitmapDimensionEx
ExtCreateRegion
Arc
kernel32
GetCPInfo
LeaveCriticalSection
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetSystemDefaultLangID
LocalLock
LocalHandle
ReleaseMutex
MultiByteToWideChar
WaitForMultipleObjects
SetLocaleInfoA
HeapDestroy
WideCharToMultiByte
GlobalSize
LCMapStringA
GetProcAddress
CopyFileA
VirtualAllocEx
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
secur32
ExportSecurityContext
EncryptMessage
DecryptMessage
MakeSignature
CompleteAuthToken
AcceptSecurityContext
VerifySignature
FreeCredentialsHandle
ApplyControlToken
DeleteSecurityContext
netapi32
NetUserChangePassword
NetGroupAdd
NetAuditRead
NetConfigSet
NetErrorLogClear
NetGroupAddUser
NetGetJoinInformation
NetConnectionEnum
NetGetDCName
NetGetAnyDCName
NetConfigGetAll
NetFileGetInfo
NetErrorLogWrite
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zqm Size: 333KB - Virtual size: 332KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ