a53367970ebbeba557082e080986f69d5002dfb6e66a07882f56d94e66ba04f4

Sharing

Copy URL Twitter E-mail

General

Target

a53367970ebbeba557082e080986f69d5002dfb6e66a07882f56d94e66ba04f4
Size

1.6MB
MD5

60ae307e7aaf6b43d8db90a85f34f004
SHA1

6f341507e898787a059c57e15af3f50f873ca5bb
SHA256

a53367970ebbeba557082e080986f69d5002dfb6e66a07882f56d94e66ba04f4
SHA512

de2559f2f7f5a94d543af1326948e7f4ba094c025be0d2c5053542c4c020c11bc1457e4a600a740382824b4f6e2a99c30137d87da2d0fd70fc399eed393e3626
SSDEEP

24576:FySk3YSG3smzEMeEccoJ/6tljcWGEWtNEeABXENIb5kFu8UrrLKrGMl:FcfkNsXcoup0N1ABmIcx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a53367970ebbeba557082e080986f69d5002dfb6e66a07882f56d94e66ba04f4

Files

a53367970ebbeba557082e080986f69d5002dfb6e66a07882f56d94e66ba04f4
.exe windows x86

1af75507878fb65c608d95eac546d22f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
CreateDirectoryW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
FormatMessageW
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetProcessHeap
DebugBreak
IsDebuggerPresent
TerminateProcess
OpenProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
InitializeSRWLock
SuspendThread
CreateThread
GetFileAttributesW
CreateFileW
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
HeapSize
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
GetCurrentDirectoryW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetModuleHandleW
SetStdHandle
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
CreateEventW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
CreateProcessW
VirtualAllocEx
GetProcAddress
Module32FirstW
QueueUserAPC
LoadLibraryW
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
UnmapViewOfFile
ResumeThread
GetCurrentProcess
WriteProcessMemory
ResetEvent
OutputDebugStringW
SetEvent
GetTickCount64
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
GetLastError
SetLastError
GetSystemTimeAsFileTime
GetCPInfo
CompareStringEx
QueryPerformanceCounter
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
TryAcquireSRWLockExclusive
Module32NextW
SetFilePointerEx

user32

BeginPaint
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
DispatchMessageW
GetMessageW
SetWindowLongW
GetWindowLongW
CreateWindowExW
GetClientRect
AnimateWindow
MoveWindow
IsWindow
ShowWindow
SetWindowTextW
SendMessageW
EndPaint
RegisterClassExW
GetParent
DestroyWindow
SwitchToThisWindow
EnumWindows
GetClassNameW
GetClassInfoExW
GetDlgItemTextA
SetDlgItemTextW
CreateDialogParamW
CloseWindow
KillTimer
PostQuitMessage
DialogBoxParamW
EndDialog
SetTimer
GetSysColor
SetFocus
SetParent
ShowCaret
EnableWindow
ScreenToClient
CreatePopupMenu
TrackPopupMenu
DestroyMenu
GetDlgItem
AppendMenuW
InvalidateRect
GetCursorPos
UpdateWindow
wsprintfW
PostMessageW

gdi32

DeleteDC
DeleteObject
CreateCompatibleDC
SetTextColor
SetBkMode
BitBlt
CreateCompatibleBitmap
SelectObject
CreateSolidBrush

advapi32

RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize

ws2_32

__WSAFDIsSet
accept
bind
closesocket
gethostbyname
select
ntohl
shutdown
WSAGetLastError
setsockopt
ioctlsocket
sendto
htons
getsockopt
recv
recvfrom
connect
ntohs
socket
send
inet_addr
WSAStartup
listen

iphlpapi

GetTcpTable2
GetAdaptersInfo

msvcrt

strncpy

psapi

GetMappedFileNameW

Sections

.text
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1af75507878fb65c608d95eac546d22f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

iphlpapi

msvcrt

psapi

Sections

.text Size: 636KB - Virtual size: 636KB

.sedata Size: 864KB - Virtual size: 864KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 92KB - Virtual size: 92KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 636KB - Virtual size: 636KB

.sedata
Size: 864KB - Virtual size: 864KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 92KB - Virtual size: 92KB

.sedata
Size: 4KB - Virtual size: 4KB