a7e8256fb91239eb7abb54efecb79e43f46da52e167f5eb5fef8674ad5fb408dN

Sharing

Copy URL Twitter E-mail

General

Target

a7e8256fb91239eb7abb54efecb79e43f46da52e167f5eb5fef8674ad5fb408dN
Size

182KB
MD5

192ffa9187fed1bae703e68748582b50
SHA1

49a77533d62376eae3887a446fdf177c64fc11c8
SHA256

a7e8256fb91239eb7abb54efecb79e43f46da52e167f5eb5fef8674ad5fb408d
SHA512

3b89bad95ff4dca1a4f58f2486c2b3402006b6057b10f4c667158c3e34e3de8b6233c0ed79be6278315b77c0719307df48f13fcc7ef52ae62b1c2f3a6cb7ab07
SSDEEP

3072:+HniQ6FY5iFcWiw9VYk+FJFTYNPpJj9QEUzjZZgVw58D:+H76FY8FcuoFMNFQEUzjZO0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7e8256fb91239eb7abb54efecb79e43f46da52e167f5eb5fef8674ad5fb408dN

Files

a7e8256fb91239eb7abb54efecb79e43f46da52e167f5eb5fef8674ad5fb408dN
.dll windows:4 windows x86 arch:x86

2ef0bac20198978cb0014e9ec3935b05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Local\Your\United.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
CompareStringW
HeapFree
GetProcessHeap
lstrlenW
GetFileSize
DeleteAtom
FindAtomA
lstrcmpiW
lstrcpyW
SetFilePointer
WriteFile
AddAtomA
GlobalAlloc
LeaveCriticalSection
GlobalFree
InitializeCriticalSection
QueryPerformanceCounter
GetModuleHandleA
GetVolumeInformationW
SetLastError
SetWaitableTimer
LocalFree
LocalAlloc
DisableThreadLibraryCalls
DeleteCriticalSection
HeapDestroy
SetThreadPriority
WaitForSingleObjectEx
GetLastError
DeviceIoControl
GetOverlappedResult
QueueUserAPC
WriteFileEx
ReadFileEx
CreateEventW
CreateThread
CloseHandle
SetEvent
ResetEvent
EnterCriticalSection
Sleep
WaitForSingleObject
UnhandledExceptionFilter
IsBadStringPtrW
lstrlenA
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
RaiseException

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

msvcrt

malloc
exit
free

shlwapi

StrCpyNW
StrCSpnW
StrSpnW
StrCmpIW
StrCmpW
StrCpyW
StrCmpNW
StrToIntW
wnsprintfW
StrCatW

rpcrt4

RpcBindingSetAuthInfoW
RpcStringBindingComposeW

Exports

Exports

AndWarranty
CanadaRightsOf
IsCountryAboveRemedy
SoftwareWwwBuildingTheState
StatesWarrantyThe
YourToOtherYouIn

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 4KB - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ef0bac20198978cb0014e9ec3935b05

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

msvcrt

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.idata Size: 4KB - Virtual size: 2KB

.didat Size: 4KB - Virtual size: 1KB

.xdata Size: 4KB - Virtual size: 371B

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 286KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 43KB

.idata
Size: 4KB - Virtual size: 2KB

.didat
Size: 4KB - Virtual size: 1KB

.xdata
Size: 4KB - Virtual size: 371B

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 286KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 4KB - Virtual size: 1KB