519b41e22dea6e9f1a7b38babc6f973dd7cb5ed541a7fe1fae9c1e7dde656315

Sharing

Copy URL Twitter E-mail

General

Target

519b41e22dea6e9f1a7b38babc6f973dd7cb5ed541a7fe1fae9c1e7dde656315
Size

2.5MB
MD5

4f56773c9ae5c410f7be1d550dc89771
SHA1

4c1332efcd0221e0807d799afe8625a16dc7f635
SHA256

519b41e22dea6e9f1a7b38babc6f973dd7cb5ed541a7fe1fae9c1e7dde656315
SHA512

0bb8c3c370f9eae21218cf25b438bf38d1d870943dfbec7c5b0cb28bd76a784e689a2ca9ec3c59e246882599a1173f3c87fb711dcb685fadced6535cd91a4e3f
SSDEEP

24576:/6YMCY5zQ+nqmSrtx8+ganAMolyfcD/I8Et6FWuTVx0JIYIWEVCsldqn0Ep0:/MBzyP8nanAbyfcDjFTVx0JIYvgdyp0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
519b41e22dea6e9f1a7b38babc6f973dd7cb5ed541a7fe1fae9c1e7dde656315

Files

519b41e22dea6e9f1a7b38babc6f973dd7cb5ed541a7fe1fae9c1e7dde656315
.exe windows x64

19f565b9eb9e68c002317d22c6de69c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

kernel32

RtlUnwindEx
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
SetFilePointerEx
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
lstrcpynW
GetLastError
GetModuleFileNameW
SetLastError
GetNativeSystemInfo
lstrlenA
CreateThread
CompareStringW
GetFileSizeEx
lstrcpyA
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
GlobalMemoryStatusEx
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
SuspendThread
GetTickCount
lstrcmpiA
GetFileSize
GetStartupInfoW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrcpynA
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
GetLogicalProcessorInformation
GetComputerNameW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
QueryFullProcessImageNameW
SetThreadLocale
GetThreadLocale

shlwapi

StrStrIW

ole32

CoInitialize
CoUninitialize

user32

UnregisterClassW
CreateWindowExW
GetMessageW
GetClassInfoW
TranslateMessage
CharLowerBuffW
CharUpperW
PeekMessageW
GetSystemMetrics
DefWindowProcW
wsprintfW
MessageBoxA
MessageBoxW
GetAsyncKeyState
SetWindowLongPtrW
CharUpperBuffW
RegisterClassW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW
GetCursorPos

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

msvcrt

_wcslwr
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 568B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19f565b9eb9e68c002317d22c6de69c8

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

shlwapi

ole32

user32

oleaut32

msvcrt

advapi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 766KB - Virtual size: 765KB

.bss Size: - Virtual size: 50KB

.idata Size: 6KB - Virtual size: 5KB

.tls Size: - Virtual size: 568B

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 69KB - Virtual size: 69KB

.pdata Size: 56KB - Virtual size: 56KB

.rsrc Size: 57KB - Virtual size: 56KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 766KB - Virtual size: 765KB

.bss
Size: - Virtual size: 50KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: - Virtual size: 568B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 69KB - Virtual size: 69KB

.pdata
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 57KB - Virtual size: 56KB