MEM_0058C7A8_0004C800[.]mem

Sharing

Copy URL

Twitter E-mail

General

Target

MEM_0058C7A8_0004C800.mem
Size

306KB
MD5

e7c9b7e251f3c80a2d40ad685de708d9
SHA1

583ee22986fe068be957327309f9d5a8d03d7fce
SHA256

50f396989f2dc9149e7f198c1ff81ce635c856ff46874bf60f17583b28ba0324
SHA512

31e4bc28fc550295ade3be814ed306f83117d41a60d60eb93286ad8853bf9631cb20d6b2bbd79e45f4ec027f080162a96948897c79e35fc119368f0e2d96b8ba
SSDEEP

6144:pLS2DURtX937BkHxd4VeVPzwnQXEktUJ9r4JX6k5zlBzvDpm:pD27BkRaUVMnQXEkvXfzlBRm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MEM_0058C7A8_0004C800.mem

Files

MEM_0058C7A8_0004C800.mem
.exe windows x86

a5ba6e2459ffd5ca0343b1cefd886258

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualProtect
SetFilePointer
OutputDebugStringW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
RaiseException
GlobalFree
lstrlenW
FindClose
FindFirstFileW
lstrcpyA
LoadLibraryW
InterlockedExchange
QueueUserWorkItem
GetLocalTime
Sleep
OpenProcess
GetSystemInfo
GetCurrentProcess
GetModuleHandleW
GetVersion
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatW
lstrcpyW
GetEnvironmentVariableW
GetShortPathNameW
ExpandEnvironmentStringsW
GetExitCodeProcess
TerminateThread
TerminateProcess
WaitForMultipleObjects
CreateProcessW
DuplicateHandle
CreatePipe
HeapAlloc
GetProcessHeap
HeapFree
SetLastError
GetModuleFileNameA
WinExec
WritePrivateProfileStringW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
VirtualFree
GetSystemDefaultLCID
GetCurrentProcessId
GlobalMemoryStatusEx
GetComputerNameW
SetStdHandle
FlushFileBuffers
GetConsoleMode
WriteFile
ReadFile
SetEvent
CreateEventW
CreateThread
WaitForSingleObject
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
GetModuleFileNameW
ExitProcess
FreeLibrary
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetLastError
GetFileSize
CreateFileMappingW
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoW
WriteConsoleW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
HeapSize
GetStdHandle
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
ResumeThread
ExitThread
HeapReAlloc
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
UnmapViewOfFile
FindNextFileW
CloseHandle

advapi32

RegCloseKey
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW

shell32

ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize

ws2_32

inet_addr
shutdown
recv
send
ioctlsocket
connect
getsockopt
WSAGetLastError
gethostbyname
closesocket
ntohs
socket
bind
sendto
select
__WSAFDIsSet
setsockopt
recvfrom
htonl
htons
inet_ntoa
WSAStartup

winhttp

WinHttpSetOption
WinHttpReadData
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WinHttpOpenRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryDataAvailable

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

iphlpapi

GetIpAddrTable

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingFree

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

psapi

GetModuleBaseNameW

powrprof

CallNtPowerInformation

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5ba6e2459ffd5ca0343b1cefd886258

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

ws2_32

winhttp

wtsapi32

iphlpapi

rpcrt4

wininet

psapi

powrprof

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 82KB - Virtual size: 91KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 82KB - Virtual size: 91KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 11KB - Virtual size: 11KB