p5819525[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

p5819525.exe
Size

33KB
MD5

302577d6a564e1c60362fb807d5a065c
SHA1

a064e4a9b3fb279746a050462e45d46e7f44467a
SHA256

65d47ccc72c041336c74a2292ce5d805443a2088a05be76bfe960225046ab3b6
SHA512

a8789a1938313eaba337be41a4d44808d0d1ef8b45dcb3c2920383b932dd05be2a8fd5805497ba0068c140a92ab96b8412b8276d14c2da2014c0e898dee129b7
SSDEEP

384:eCli1f2vdVdViTxC06n9RllSNnNgwFI7JWWarW:eCi1+vTdIc0YPeNnNgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
p5819525.exe

Files

p5819525.exe
.exe windows x64

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

Sleep
HeapSetInformation
LocalFree
GetFileType
WideCharToMultiByte
GetLastError
FormatMessageW
SetThreadUILanguage
GetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GetConsoleMode

msvcrt

_fileno
_write
_setmode
vswprintf_s
_wcsicmp
memset
_get_osfhandle
__iob_func
fgetpos
wcschr
fwprintf
fflush
memmove
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
iswprint
_wtoi
_vsnwprintf
exit
_vscwprintf

ntdll

RtlVirtualUnwind
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlIpv4StringToAddressW
RtlLookupFunctionEntry
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
NtClose

ws2_32

ntohl

user32

OemToCharBuffW

mswsock

GetSocketErrorMessageW

iphlpapi

NhGetInterfaceNameFromDeviceGuid

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ws2_32

user32

mswsock

iphlpapi

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 86KB

.pdata Size: 512B - Virtual size: 492B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 86KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B