e32c5d851cf23a6d3ecd224055619996d32210cc198ccd770494a902c788b481

Sharing

Copy URL Twitter E-mail

General

Target

e32c5d851cf23a6d3ecd224055619996d32210cc198ccd770494a902c788b481
Size

1.1MB
MD5

4aa99594de2bad738adbf3a7be086655
SHA1

abe4edc266291ab3b9a8f922eb76b5b945a7bd3f
SHA256

e32c5d851cf23a6d3ecd224055619996d32210cc198ccd770494a902c788b481
SHA512

92d0c56e40fb83e82381c5796d086408024e5426feac51cc0bbcdd62fe5c10e291addfba9f576ad57d155ecf91cca8dba4b8d58142136764dec65c6967f2e1e9
SSDEEP

24576:2UzrYO5dkMxkKmzTk50aSdjVeszpojB0CAfkmh3U2A2K8ASRNbpMf5o5J9Eweo:2ykM7KTkXSdvzpojZmJUF+g5oWweo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e32c5d851cf23a6d3ecd224055619996d32210cc198ccd770494a902c788b481

Files

e32c5d851cf23a6d3ecd224055619996d32210cc198ccd770494a902c788b481
.exe windows x86

183938668ab3224cfaf4850d7aef7fe5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
MapViewOfFile
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetFileAttributesW
GetCurrentThreadId
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
GetFileSize
QueryPerformanceCounter
FlushFileBuffers
FindFirstFileW
FindNextFileW
K32GetModuleFileNameExW
InitializeCriticalSectionEx
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
RaiseException
DecodePointer
ExpandEnvironmentStringsW
FindClose
GetDriveTypeW
GetFileTime
SetLastError
QueryPerformanceFrequency
WriteConsoleW
SetStdHandle
FindNextFileA
FindFirstFileExA
SetFileAttributesA
DeleteFileA
SetFileAttributesW
OpenProcess
GetModuleHandleA
DuplicateHandle
CreateMutexW
IsWow64Process
CreateProcessA
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
Sleep
GetTempPathW
VirtualAlloc
GetCurrentProcess
VirtualFree
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetFilePointerEx
GetConsoleCP
CreateFileW
UnmapViewOfFile
GetTempFileNameW
CopyFileW
LocalFree
DeleteFileW
CreateFileA
lstrlenA
ExpandEnvironmentStringsA
WriteFile
GetComputerNameW
GetLocalTime
GetLastError
GetTickCount
CreateThread
CloseHandle
TerminateThread
ReleaseMutex
FormatMessageA
WaitForSingleObject
ReadConsoleW
GetConsoleMode
GetFileType
CreatePipe
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateProcessW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList

user32

ReleaseDC
GetDC
GetSystemMetrics

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject

advapi32

RegGetValueA
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetUserNameW
GetTokenInformation
RegDeleteKeyValueW
RegGetValueW

shell32

SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear

iphlpapi

GetIpAddrTable

crypt32

CryptUnprotectData

esent

JetRetrieveColumn
JetEndSession
JetSetSystemParameterA
JetGetRecordSize
JetCloseDatabase
JetCloseTable
JetBeginSessionA
JetTerm
JetCreateInstanceA
JetDetachDatabaseW
JetOpenDatabaseW
JetGetColumnInfoA
JetOpenTableA
JetAttachDatabaseW
JetInit
JetMove

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdipFree
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipAlloc

wininet

InternetReadFile
InternetOpenUrlA
HttpOpenRequestW
InternetOpenW
InternetQueryOptionW
HttpQueryInfoA
InternetCrackUrlW
InternetCloseHandle
HttpSendRequestW
InternetConnectW
InternetSetOptionW
InternetOpenA

Sections

.text
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

183938668ab3224cfaf4850d7aef7fe5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

crypt32

esent

gdiplus

wininet

Sections

.text Size: 838KB - Virtual size: 838KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 15KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 838KB - Virtual size: 838KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 15KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 34KB - Virtual size: 33KB