5c2eab11f538e686322d818822f6c31a90b1d3814cbbdc17996ad9d1199664f4

Sharing

Copy URL Twitter E-mail

General

Target

5c2eab11f538e686322d818822f6c31a90b1d3814cbbdc17996ad9d1199664f4
Size

100KB
MD5

839a08bb642f8525cea9aa2c231a2054
SHA1

70b6416c08563fa99239af1c60451a2eb0d3a0a4
SHA256

5c2eab11f538e686322d818822f6c31a90b1d3814cbbdc17996ad9d1199664f4
SHA512

0567c9f94f51916593b9fbdfcfb39473626f447a566ebb227732adb2cb374c901637bdd90bc0a84c8352f5afd4f8ced90f215ca1d190f45fcea04305bcfe6092
SSDEEP

1536:edyf6Unx3rp51+mh+9OW0q3Gm1DP7v+FPKUP9YALQO6shf4y1Qc:edyCsxdjh+gW0Rm12FPKcSO6sG3c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c2eab11f538e686322d818822f6c31a90b1d3814cbbdc17996ad9d1199664f4

Files

5c2eab11f538e686322d818822f6c31a90b1d3814cbbdc17996ad9d1199664f4
.exe windows x86

8a9880f54a92aadf55ce7f85aa2c7e64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueW
PathFileExistsW

kernel32

CloseHandle
WriteFile
CreateFileW
LockResource
LoadResource
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ReadFile
SetFilePointer
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryExW
ExpandEnvironmentStringsW
lstrlenW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
DeleteFileW
lstrcmpiW
CreateDirectoryW
SizeofResource
FindClose
FindNextFileW
FindFirstFileW
GetUserDefaultLCID
GetModuleFileNameW
MoveFileExW
GetLastError
EnumResourceNamesW
GetTempPathW
FindFirstFileExW
SetProcessWorkingSetSize
GetCurrentProcess
ExitProcess
GetModuleHandleW
LocalFree
GetCommandLineW
VirtualFree
VirtualAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FindResourceW
GetTickCount
HeapReAlloc
GetLocaleInfoA
RtlUnwind
HeapSize
IsValidCodePage
GetOEMCP
Sleep
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP

user32

GetDesktopWindow
SetForegroundWindow
ShowWindow
wsprintfW
MessageBoxW

advapi32

RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20.7MB - Virtual size: 20.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a9880f54a92aadf55ce7f85aa2c7e64

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 45KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 20.7MB - Virtual size: 20.7MB

.text
Size: 45KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 20.7MB - Virtual size: 20.7MB