54387c6490e7691719e763e589a2afdffa6b96d39492f994477f5a9c15ff3d0c

Sharing

Copy URL Twitter E-mail

General

Target

54387c6490e7691719e763e589a2afdffa6b96d39492f994477f5a9c15ff3d0c
Size

360KB
MD5

2757633024fee55722f0098920922a6c
SHA1

6d17843c92ebbdd9c76d0d3dac026f2009c840bd
SHA256

54387c6490e7691719e763e589a2afdffa6b96d39492f994477f5a9c15ff3d0c
SHA512

5d178fae3c9d41127fa7ec86a5258ab8d098e4517515e21a939499ba13cc8dd0f37f24746fb551b43c2cb3c2e7686955e0ef4ad070e965b2424d32e34a6900c3
SSDEEP

3072:bNaT3IuE4ZMrWUuQX7BT+ATzGl59AKWDXo1fn5Y1Fl0gBSctIccBAg0Fua+wkUIO:444Z6BuW4MqloPo1fO1L02ipBAOykW3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54387c6490e7691719e763e589a2afdffa6b96d39492f994477f5a9c15ff3d0c

Files

54387c6490e7691719e763e589a2afdffa6b96d39492f994477f5a9c15ff3d0c
.dll windows x86

cb25caf1c7b601d811138d66e4717e07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
CreateFileW
FindClose
FindFirstFileW
InterlockedExchange
GetACP
GetLocaleInfoA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
GlobalFree
GlobalUnlock
GetModuleFileNameW
CreateDirectoryA
GetFileAttributesA
CreateDirectoryW
GetFileAttributesW
TlsSetValue
GetProcAddress
GetModuleHandleW
FreeLibrary
ReleaseMutex
SetEnvironmentVariableW
FindCloseChangeNotification
InterlockedDecrement
WaitForSingleObject
TlsFree
GetCurrentThreadId
MultiByteToWideChar
lstrcpyW
OutputDebugStringW
WideCharToMultiByte
GetLastError
FindNextFileW
DeleteFileW
GlobalLock
GlobalAlloc
FlushFileBuffers
WritePrivateProfileStringW
WriteFile
GetTempPathA
WritePrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
CopyFileW
MoveFileW
GetEnvironmentVariableW
ExitProcess
CreateMutexW
TerminateProcess
GetCurrentProcess
FindFirstChangeNotificationW
GetLocalTime
TlsGetValue
TlsAlloc
LoadLibraryW
GetSystemInfo
GetTickCount
SetStdHandle
GetCurrentDirectoryW
GetLocaleInfoW
GetTimeZoneInformation
GetProcessHeap
SetEnvironmentVariableA
LoadLibraryA
CompareStringW
CompareStringA
GetDriveTypeA
GetCurrentProcessId
CloseHandle
InterlockedIncrement
RtlUnwind
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetCommandLineA
GetVersionExA
HeapAlloc
LCMapStringA
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
SetLastError
GetModuleHandleA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetFullPathNameW
GetCurrentDirectoryA
VirtualProtect
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

wsprintfW
MessageBoxW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Exports

Exports

XvClose
XvGcid
XvMediaDataSize
XvOpenA
XvOpenW
XvRead
XvVersion

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ropf
Size: 4KB - Virtual size: 857B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb25caf1c7b601d811138d66e4717e07

Headers

File Characteristics

Imports

kernel32

user32

version

wintrust

crypt32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 162KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 12KB - Virtual size: 11KB

.rmnet Size: 60KB - Virtual size: 60KB

.rmnet Size: 60KB - Virtual size: 60KB

.ropf Size: 4KB - Virtual size: 857B

.text
Size: 164KB - Virtual size: 162KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 11KB

.rmnet
Size: 60KB - Virtual size: 60KB

.rmnet
Size: 60KB - Virtual size: 60KB

.ropf
Size: 4KB - Virtual size: 857B