ffbf4de127cd891e1ef389a7300d682976c5fcddc0e1b1f3eed49309c459d05f

Sharing

Copy URL Twitter E-mail

General

Target

ffbf4de127cd891e1ef389a7300d682976c5fcddc0e1b1f3eed49309c459d05f
Size

182KB
MD5

1d3139741166c406fcdb6666c857b4b1
SHA1

9bf74c69c86bc927422b868ce633641d8c4893ef
SHA256

ffbf4de127cd891e1ef389a7300d682976c5fcddc0e1b1f3eed49309c459d05f
SHA512

24113f791e7f7edcd9506defc7a1e820f6254be46ba8cd6a3a011a4954041892378535aeb9bdb565a41f256e456d6b98f39dd04b38b015845d8fff3ded245770
SSDEEP

1536:tNkZ9YC1+7xFPkGPITKw9wRYvYnfNmshH0M0K/4sssSYHgL2Dc1Hr:ra6vEK4wRYvkNhH0K/bUL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffbf4de127cd891e1ef389a7300d682976c5fcddc0e1b1f3eed49309c459d05f

Files

ffbf4de127cd891e1ef389a7300d682976c5fcddc0e1b1f3eed49309c459d05f
.dll windows:5 windows x86 arch:x86

01a6614944d431368ee784866daeefd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
WinExec
CreateFileA
WriteConsoleW
GetConsoleOutputCP
OutputDebugStringA
GetLastError
CloseHandle
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
Sleep
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA

user32

FindWindowA
IsIconic
ShowWindow
SetForegroundWindow
SetActiveWindow
LoadIconA
LoadStringA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA

Exports

Exports

CPlApplet

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01a6614944d431368ee784866daeefd0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 124KB - Virtual size: 124KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 124KB - Virtual size: 124KB

.reloc
Size: 5KB - Virtual size: 5KB