d4f6ba33ca3d8f2a12a8343602979f50b4651c61cb72e50f41973590b514a6e0

Sharing

Copy URL Twitter E-mail

General

Target

d4f6ba33ca3d8f2a12a8343602979f50b4651c61cb72e50f41973590b514a6e0
Size

733KB
MD5

d1c3b9dc41b3ad5db87fd7337713ba92
SHA1

18926139988f1e16f044b3da712478eaaf0b97ab
SHA256

d4f6ba33ca3d8f2a12a8343602979f50b4651c61cb72e50f41973590b514a6e0
SHA512

578ea331a6df793d1a128b2cf95a688ae581d771350e2f80f0c5eeb626248c71de0418a18868d8b04f1651debb4b1d9b8e0724a8e14d0c2d6ed6a73be0a7b67d
SSDEEP

12288:UqsGA0ceLPMaJtqcsLLY4mkzcPsJtrEHjHh5XQTzDp709ptKmgkN9pPtIUi2K7er:Ugceg8tqc65mgcPOMDXQTz9QftBgUpPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4f6ba33ca3d8f2a12a8343602979f50b4651c61cb72e50f41973590b514a6e0

Files

d4f6ba33ca3d8f2a12a8343602979f50b4651c61cb72e50f41973590b514a6e0
.exe windows x86

5565fc940f16155480497bea78ee5c50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsA
InterlockedDecrement
FileTimeToSystemTime
FileTimeToLocalFileTime
Process32Next
GetShortPathNameA
Module32First
Process32First
CreateToolhelp32Snapshot
GetTempFileNameA
GetTempPathA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetDriveTypeA
FindClose
FindFirstFileA
GetModuleFileNameA
GetSystemInfo
SetEnvironmentVariableA
CompareStringW
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
DeviceIoControl
CloseHandle
GetSystemDirectoryA
LocalAlloc
GetLastError
LocalFree
GetPrivateProfileIntA
WideCharToMultiByte
MoveFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
CopyFileA
MultiByteToWideChar
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
InterlockedIncrement
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
Sleep
lstrlenA
lstrlenW
RtlUnwind
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RaiseException
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
SetFilePointer
GetFileType
CreateFileW
DeleteFileA
CreateProcessA
DuplicateHandle
HeapReAlloc
FindFirstFileExA
FindNextFileA
CreateDirectoryA
GetFileAttributesA
GetDriveTypeW
GetFullPathNameA
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapSetInformation
GetCPInfo
LCMapStringW
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStartupInfoW
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantInit
VariantChangeType
GetErrorInfo
CreateErrorInfo
SysFreeString
VariantClear
SetErrorInfo
SysAllocString

advapi32

RegUnLoadKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryInfoKeyA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
RegEnumKeyExA
LookupAccountNameA
ConvertSidToStringSidA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegLoadKeyA

netapi32

NetUserEnum
NetApiBufferFree

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

Sections

.text
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5565fc940f16155480497bea78ee5c50

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

advapi32

netapi32

wintrust

Sections

.text Size: 606KB - Virtual size: 605KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 606KB - Virtual size: 605KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 24KB - Virtual size: 24KB