0052C6B2867C4FB88FDAD76CB5269810[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0052C6B2867C4FB88FDAD76CB5269810.exe
Size

346KB
MD5

0052c6b2867c4fb88fdad76cb5269810
SHA1

f50cc3a6fd00c89c7bd9e7c102acfeb3021f7204
SHA256

129c2459ee7b10af6afb4ec90d2d0fd3b33f9f8e6fdaccaf04b58de86f5583af
SHA512

441e455fb8efc24ce0f94d4987a4874e0ef0f6ced3c15233135923cef610097ded2cec79a2965abbb48e815b19f70bcac0ad7ff39f8323990fe778924843222e
SSDEEP

6144:dP1eo55O5RyyaWo39oE0Y+YR3SIex4m1rpBc:mIO5RyyaWo39oEfjkI84m1rpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0052C6B2867C4FB88FDAD76CB5269810.exe

Files

0052C6B2867C4FB88FDAD76CB5269810.exe
.exe windows x86

d45f2e75362d8fe7b88512cc67034341

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

dnsapi

DnsQuery_A
DnsFree

secur32

LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted

netapi32

NetApiBufferFree
DsGetDcNameA

iphlpapi

GetAdaptersInfo

ntdll

RtlGetNtVersionNumbers

cryptdll

CDLocateCSystem
CDLocateCheckSum

ws2_32

closesocket
socket
recv
WSACleanup
sendto
htons
WSAGetLastError
recvfrom
WSAStartup
connect
send

kernel32

HeapSize
CreateFileW
HeapReAlloc
LoadLibraryW
GetStringTypeW
WriteConsoleW
SetStdHandle
Sleep
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetLastError
SetLastError
LocalAlloc
LocalFree
CreateFileA
WriteFile
ReadFile
FlushFileBuffers
GetFileSizeEx
CloseHandle
lstrlenA
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetTimeFormatA
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetVersionExA
VerifyVersionInfoA
VerSetConditionMask
GetComputerNameA
GetCommandLineA
HeapSetInformation
HeapFree
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
DeleteFileA
DecodePointer
EncodePointer
SetConsoleCtrlHandler
MultiByteToWideChar
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
LCMapStringW
ExitProcess
GetStdHandle
GetModuleFileNameW

user32

DispatchMessageA
TranslateMessage
SetScrollRange
MessageBoxA
SetWindowLongA
InvalidateRect
SendMessageA
PeekMessageA

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d45f2e75362d8fe7b88512cc67034341

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

dnsapi

secur32

netapi32

iphlpapi

ntdll

cryptdll

ws2_32

kernel32

user32

Sections

.text Size: 280KB - Virtual size: 279KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 18KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 18KB

.reloc
Size: 10KB - Virtual size: 10KB