5d7ed229364082bfa0ed922b094cddab3fa17a7a6d3e0871371fe9ee4d76f2bd

Sharing

Copy URL

Twitter E-mail

General

Target

5d7ed229364082bfa0ed922b094cddab3fa17a7a6d3e0871371fe9ee4d76f2bd
Size

2.8MB
MD5

b08e8f60f8997a04481403b4f19aba8d
SHA1

f7263edab8f66026f148cade3139ec3cbc8413ae
SHA256

5d7ed229364082bfa0ed922b094cddab3fa17a7a6d3e0871371fe9ee4d76f2bd
SHA512

8b38f15768e8786afb4230eb796d05f1b4d978adb23cea720fe089507fbcf8dbff952b95020d0d66a29d93b41f9b9b4114ff2325d90de6aac0d030b882ad712d
SSDEEP

49152:DQWAZEISU5F3OhMriLVDNlGK63ysN9FlXFyo10oyxiejuptIu0K9+3YKYC:DIpSU739riLVD7f63yW9xyxi2IIun

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d7ed229364082bfa0ed922b094cddab3fa17a7a6d3e0871371fe9ee4d76f2bd

Files

5d7ed229364082bfa0ed922b094cddab3fa17a7a6d3e0871371fe9ee4d76f2bd
.exe windows x86

6389f839db3dc91a032f42dcfa6eb405

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
OpenProcess
GetProcAddress
GetModuleHandleW
QueryDosDeviceW
GetCurrentProcess
WaitForSingleObject
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessW
GetExitCodeProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
GetWindowsDirectoryW
Process32NextW
Process32FirstW
CreateFileW
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTempFileNameA
SetFileAttributesA
GetLastError
GetFileAttributesExA
MoveFileExA
CloseHandle
ReadFile
Sleep
CreateFileA
LocalFree
OutputDebugStringA
FindFirstFileExA
GetDriveTypeA
GetSystemTime
SystemTimeToFileTime
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
SetEndOfFile
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
GetFileAttributesW
CopyFileW
GetCurrentDirectoryW
GetFileInformationByHandle
GetModuleFileNameA
MoveFileExW
FindFirstFileW
FindNextFileW
GetEnvironmentVariableW
CreateDirectoryW
AreFileApisANSI
SetLastError
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceFrequency
SleepEx
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleA
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
DeleteFileA
WriteConsoleW
GetModuleFileNameW
GetCommandLineA
HeapSetInformation
RaiseException
RtlUnwind
MoveFileA
GetCPInfo
LCMapStringW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetDriveTypeW
FindFirstFileExW
SetFilePointer
GetTimeFormatA
GetDateFormatA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetConsoleCtrlHandler
HeapSize
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetFullPathNameA
CompareStringW
SetEnvironmentVariableA
CreateFiber
SwitchToFiber
DeleteFiber
GetVersion
GetModuleHandleExW
InterlockedExchangeAdd
ReadConsoleW
ReadConsoleA
SetConsoleMode
FormatMessageW
WideCharToMultiByte
FormatMessageA
GetProcessHeap
HeapFree
HeapAlloc

advapi32

ReportEventW
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidW
GetTokenInformation
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
DeregisterEventSource
AdjustTokenPrivileges
RegisterEventSourceW

shlwapi

PathRemoveFileSpecA
PathFileExistsA
StrStrIW
PathFindFileNameA

psapi

GetProcessMemoryInfo
GetProcessImageFileNameW

ws2_32

gethostname
ioctlsocket
ntohs
getsockname
setsockopt
WSAIoctl
recv
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
__WSAFDIsSet
select
recvfrom
sendto
htonl
listen
accept
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
getpeername
getsockopt
htons
bind
getnameinfo
shutdown

wldap32

ord117
ord14
ord219
ord216
ord46
ord41
ord27
ord301
ord167
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145

crypt32

CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6389f839db3dc91a032f42dcfa6eb405

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

psapi

ws2_32

wldap32

crypt32

user32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 534KB - Virtual size: 533KB

.data Size: 35KB - Virtual size: 57KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 117KB - Virtual size: 116KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 534KB - Virtual size: 533KB

.data
Size: 35KB - Virtual size: 57KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 117KB - Virtual size: 116KB