bb46f0da175c31431b94ed00b1ed762d357fecec51e5542112af7fd5800d628cN

Sharing

Copy URL Twitter E-mail

General

Target

bb46f0da175c31431b94ed00b1ed762d357fecec51e5542112af7fd5800d628cN
Size

64KB
MD5

08b9971a08109781b1e257f3dab1d0b0
SHA1

4b1e833ac254625a37e6991a4b4e36520695e258
SHA256

bb46f0da175c31431b94ed00b1ed762d357fecec51e5542112af7fd5800d628c
SHA512

ee4ef697636887ea63ea27acffd521f1daaec86febcb797591feb3d20e1455cb2734cd6b6555b9ea8a5ae674b7e72485c96fc30b8f09adb6505324dbb0cac5e2
SSDEEP

1536:+paaz/MvQ+ChhSxcBSMw5bKyKmid3jqfpXx04YvN83:+koM9CbSxqwpHmqfp7YvN83

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb46f0da175c31431b94ed00b1ed762d357fecec51e5542112af7fd5800d628cN

Files

bb46f0da175c31431b94ed00b1ed762d357fecec51e5542112af7fd5800d628cN
.exe windows:11 windows x86 arch:x86

e88a9c005627a318845bb7cec7174f8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\Master\Slack\reffer.pdb

Imports

shlwapi

ChrCmpIW
UrlGetPartA
UrlIsOpaqueW
ord29
StrCmpLogicalW
StrCatBuffW

user32

DestroyAcceleratorTable
MapDialogRect

kernel32

lstrcpyA
GetProfileIntW

Exports

Exports

?InsertDeviceOldXHPAMPAG
?FindListOldKPANPAKN
?CancelTimerExWPA_NFPAKF
?SetTimeOldGMF
?SetHeightExPAJPAFPAIH
?InstallDateTimeOldPAX_NGEPAM
?EnumPenOriginalPAKEFH
?GetWindowNewGI
?InsertThreadWPAJEPAK
?GetAnchorExWPAE_NPAF
?IncrementDateTimeWKPAHPAKG
?GlobalProfileOriginalPAKE
?InsertSectionOldPAFH
?IsEventAXPAN
?GetCharOldNHEPAKPAH
?IncrementVersionExPAMPAG
?FreeConfigOldPAFPAJIIPAF
?IsNotFolderPathExAPAXJHH
?CallCommandLineExWEPAJGI
?CloseArgumentOriginalNPANIMPAF
?InsertValueOldXIJ
?ShowMessageWPAEPAEPAN
?InsertHeaderExAMJ
?InstallStringOriginalFGPAG
?CopyFullNameWPAXEPAJPAM
?GlobalProcessExWXPANM
?DeleteMemoryGPA_N_NJ
?InsertPathWNGD
?IncrementTaskExWEPAHPAM
?EnumTaskOldFD
?LoadFileExADJG
?IsMemoryExWJDPAKPAF
?GetDateTimeOldPAKPAK
?ShowKeyNameOldEJJIPAF
?ModifyThreadOriginalPAXJPAJ
?KillDateTimeWPAND
?IsModuleNewIEEK
?SendComponentWPADPAJFPAKM
?DeleteOptionAPAFE
?ModifyWindowNewJIF
?KillDirectoryPAKPAJPADM
?IsValidCommandLineWPANGHEF
?HideExpressionExWPAXKPAGM
?CopyMonitorPAGPAKFF
?AddTimerWPAINF
?HideDateOriginalIJ
?IncrementSectionExWED_N
?GlobalProjectNewPAKPAJJ
?CloseSemaphoreNewHD
?DeleteDateTimeExAJPAEG
?FormatHeightExWEKED
?FreeAppName_NPADPAF
?RemoveDirectoryExWXPAFMMH
?CrtProjectExWXPAMPAJ_N
?GenerateDateTimeNewJEPAHJPAD
?GenerateClassAPAGKFG
?SetMutantANPAFPAF
?ModifyFilePathWDGPAN
?CancelFolderExAGDPAKPAJPAD
?CallRectOriginalJPAMPADPAID
?GlobalSizeExWI_NNF
?PutCharKPAG
?RtlModuleOldNHN
?RtlEventWPAHJ
?FreeCharOriginalIDG
?OnPointExAPAMGG
?AddFileOldHFMJ
?InsertRectWDGE
?KillCommandLinePAIPAKG
?ModifyProcessExWDPADPAE
?RemoveStringOriginalPAMPAJPAHG
?KillProfileExFEPAEJPAF
?CallDateTimeOldPADI_NPAGPAD
?ModifyConfigOldPAJEPAD
?GenerateDataOldPAHN
?OnFilePathNewXFJ
?InsertConfigWIHPAHPADPAJ
?ShowTimeOriginalPAXF
?EnumMutantAJM
?AddFunctionNewJPAEGF
?MutexExAFI
?GetWindowExPA_ND
?InsertEventExWGDJ
?PutSystemExXDE
?FindMediaTypeOriginal_NJMN
?GetVersionNewXFPADK
?SetWidthOldDPAGJ
?CopyDateTimeOldJPAHNEPAM
?InstallFullNameOriginalXGK
?EnumPathAXPAKPAE
?ModifyFullNameOriginalPAJPA_NFED
?EnumSemaphoreExAEIPAJF
?InvalidatePointW_NEH
?HideFilePathExAKFJPAH
?OnAppNameAPAJKPA_NH
?SendSizeWPAJKPAJ
?FindMessageOriginalPAKGFKH
?CallProviderAPAXFFPAJI
?FormatProjectWXMMPAF
?CrtMutexWGPAEPAEPAJ_N
?DecrementProcessOldPAGPAJ
?CloseDeviceOldPAKPAKJJ
?IsNotDateExWXPAM_NPAK
?CancelTimeOriginalGPAGINE
?IsFileOldNNPAN
?ShowRectAPAXPAGPAH
?IsNotMemoryXPAID
?CrtConfigAIPAM
?CancelMutexAPAMF
?PutStateOldHHPAJ
?DecrementDialogExAPAKDD
?SendOptionPAGJ
?GetDataOldF_NI
?CopyDialogExPAFKGPADF
?OnRectExWEPAFJGPAE
?ValidateProfileExAGF
?IsValidFilePathOriginalPAXM
?KillSizeAPAEEHJG
?FormatDeviceNewX_NPADHM
?RtlOptionExAXH
?ValidateFullNameAPAXPADPAHE
?FreeComponentOldPAEPAFPAIN
?FreeThreadJFK
?MemoryOriginalXJPAD
?CloseCommandLineGPAN_N
?ModifyFilePathOldPAFEPADPAI
?FormatNameXM
?ClassPAJH
?InstallAppNamePAIPAE
?CallPenExFEPAK
?KillComponentWIHK
?FindWidthJJPAJ
?LoadAppNameNewPAFJ
?LoadPointOriginalKHPAHG
?InstallAppNameExFJMPAK
?TestingServ@@YGXUtest@CA7
?FreeProjectOldPAHNFJ
?ModifyPathExAPAXMHDD
?GlobalMemoryOriginalJPAMM
?RtlSizeOriginalPAEPAJNGE
?CallWindowExAIGFPAG
?IsNotListNewMPAJJPANK
?IsProfileOriginal_NFPAJPAE
?CallProjectEPAFMEE
?CallSizeExWPAXI
?FindFolderPathOriginalPAEJD
?AnchorANMGPAI
?LoadDataExAPAXENG
?InvalidateKeyNameAGD
?IsNameAIGK
?CancelFunctionExAEID

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jeep
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rase
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cold
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imode
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heso
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.snap
Size: 1024B - Virtual size: 731B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bost
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vort
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.defo
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e88a9c005627a318845bb7cec7174f8b

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 451KB

.jeep Size: 5KB - Virtual size: 4KB

.rase Size: 512B - Virtual size: 128B

.cold Size: 512B - Virtual size: 51B

.imode Size: 512B - Virtual size: 316B

.mode Size: 512B - Virtual size: 64B

.heso Size: 512B - Virtual size: 64B

.snap Size: 1024B - Virtual size: 731B

.bost Size: 37KB - Virtual size: 37KB

.vort Size: 37KB - Virtual size: 37KB

.defo Size: 56KB - Virtual size: 56KB

.reloc Size: 39KB - Virtual size: 39KB

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 451KB

.jeep
Size: 5KB - Virtual size: 4KB

.rase
Size: 512B - Virtual size: 128B

.cold
Size: 512B - Virtual size: 51B

.imode
Size: 512B - Virtual size: 316B

.mode
Size: 512B - Virtual size: 64B

.heso
Size: 512B - Virtual size: 64B

.snap
Size: 1024B - Virtual size: 731B

.bost
Size: 37KB - Virtual size: 37KB

.vort
Size: 37KB - Virtual size: 37KB

.defo
Size: 56KB - Virtual size: 56KB

.reloc
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 21KB - Virtual size: 20KB