5ae4143a6d2c62372923f137f53885956606d02cc2d92cfd0dc84cf33dda26c5

Sharing

Copy URL

Twitter E-mail

General

Target

5ae4143a6d2c62372923f137f53885956606d02cc2d92cfd0dc84cf33dda26c5
Size

952KB
MD5

1445c44b84df0f7e6ec2884fc24ee9eb
SHA1

087581b548ee6c0d2ee9a5f26f41789325c6049d
SHA256

5ae4143a6d2c62372923f137f53885956606d02cc2d92cfd0dc84cf33dda26c5
SHA512

ef7d1a3a3be11c8406644cc7349ef172390a096a7bda987efa727b23d790321bca7e15a2857c3d1eb98dc12ccfa8da4a5c89b39e70a2ffa75218ebf9b4c706b8
SSDEEP

24576:hPCqItBJjQ55z5T7qrhnSmvU89tAyfC5YuersFE:hPC9tzQ55z5TTynfhfC4sG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae4143a6d2c62372923f137f53885956606d02cc2d92cfd0dc84cf33dda26c5

Files

5ae4143a6d2c62372923f137f53885956606d02cc2d92cfd0dc84cf33dda26c5
.exe windows x86

e454f57344c4a1e2c286a6dc7f817bdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_global_init
curl_easy_getinfo
curl_slist_append
curl_global_cleanup

kernel32

LocalFileTimeToFileTime
MapViewOfFile
GetTickCount
FileTimeToSystemTime
FindFirstFileW
VirtualQuery
OutputDebugStringW
LockResource
FindNextFileW
lstrcpyW
FindResourceExW
MulDiv
CreateThread
Sleep
ExitProcess
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTempPathA
OpenFileMappingA
DeleteFileA
GetFullPathNameW
GetComputerNameA
FindFirstFileExW
FindClose
LocalAlloc
GetModuleFileNameA
LocalFree
LoadLibraryW
CreateMutexA
ReleaseMutex
DuplicateHandle
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
SwitchToThread
GetCurrentDirectoryW
SetThreadAffinityMask
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateFileW
ReadFile
GetFileAttributesW
WideCharToMultiByte
WriteFile
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
LoadLibraryA
GetCurrentThreadId
DeleteCriticalSection
CreateHardLinkW
RemoveDirectoryW
GetShortPathNameW
GetLongPathNameW
MoveFileW
DeviceIoControl
SetFileAttributesW
DeleteFileW
GetProcessAffinityMask
ReleaseSemaphore
InitializeCriticalSection
GetVersionExW
SetThreadExecutionState
GetSystemDirectoryW
SetThreadPriority
FoldStringW
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
FileTimeToLocalFileTime
IsDBCSLeadByte
HeapDestroy
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
lstrcmpiW
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
RaiseException
FlushInstructionCache
InitializeCriticalSectionEx
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
UnmapViewOfFile
CloseHandle
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
CreateTimerQueue
GetThreadPriority
UnregisterWait
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapFree
QueryPerformanceCounter
SetFilePointerEx
GetConsoleCP
GetFileType
GetStringTypeW
GetCurrentThread
HeapAlloc
GetSystemTimeAsFileTime
GetModuleHandleExW
AreFileApisANSI
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
ReadConsoleW
GetConsoleMode
RtlUnwind
GetStdHandle
HeapSize
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineW
HeapReAlloc
SignalObjectAndWait

user32

CharNextW
GetMessageW
CharToOemBuffA
wsprintfW
MoveWindow
EnableWindow
MapWindowPoints
CharToOemBuffW
LoadCursorW
CharUpperW
OemToCharBuffA
OemToCharA
CharToOemA
UnregisterClassW
SetWindowTextA
GetSystemMetrics
IsWindow
FrameRect
SetWindowPos
GetSysColor
DestroyCursor
ReleaseDC
SystemParametersInfoW
GetWindowTextW
GetClassInfoExW
TranslateMessage
RegisterClassExW
CharLowerW
GetWindowDC
DispatchMessageW
DefWindowProcW
CallWindowProcW
SendMessageW
CreateWindowExW
ShowWindow
SetWindowLongW
GetDlgItem
PeekMessageW
FindWindowExA
MessageBoxA
GetActiveWindow
MessageBoxW
LoadIconW
GetCursorPos
EndPaint
ClientToScreen
SetCursor
GetWindowTextLengthW
ScreenToClient
GetWindowRect
InvalidateRect
RegisterWindowMessageW
IsIconic
FillRect
PostMessageW
DrawTextW
SetForegroundWindow
GetParent
TrackMouseEvent
GetClientRect
BeginPaint
PtInRect
GetDC
InflateRect
OffsetRect
GetWindowLongW

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
SaveDC
OffsetWindowOrgEx
SetBkMode
SetStretchBltMode
RestoreDC
CreateSolidBrush
GetTextExtentPoint32W
BitBlt
SetWindowOrgEx
SetViewportOrgEx
SetBkColor
DeleteDC
CreateFontW
SetTextColor
GetDeviceCaps

advapi32

SetFileSecurityW
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
Shell_NotifyIconW

ole32

CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecA
PathFileExistsA

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipSetStringFormatAlign
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipCreateFont
GdipDrawString
GdipDrawImagePointsI
GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateStringFormat
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipSetStringFormatLineAlign
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipSetStringFormatFlags
GdiplusShutdown
GdipCreateFontFamilyFromName

comctl32

_TrackMouseEvent
InitCommonControlsEx

iphlpapi

SendARP
GetAdaptersInfo

ws2_32

WSAStartup
gethostbyname
inet_addr
inet_ntoa
gethostname

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ran
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sign
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e454f57344c4a1e2c286a6dc7f817bdd

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

iphlpapi

ws2_32

Sections

.text Size: 466KB - Virtual size: 465KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 20KB - Virtual size: 1.1MB

.ran Size: 512B - Virtual size: 64B

.sign Size: 512B - Virtual size: 64B

.rsrc Size: 306KB - Virtual size: 306KB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 466KB - Virtual size: 465KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 20KB - Virtual size: 1.1MB

.ran
Size: 512B - Virtual size: 64B

.sign
Size: 512B - Virtual size: 64B

.rsrc
Size: 306KB - Virtual size: 306KB

.reloc
Size: 64KB - Virtual size: 64KB