5509e1dba71da7d01d9276465a7fbe7854bd552e57e4672286a33fd411c3b42d

Sharing

Copy URL Twitter E-mail

General

Target

5509e1dba71da7d01d9276465a7fbe7854bd552e57e4672286a33fd411c3b42d
Size

105KB
MD5

ea6fb53fc0bb46128c5831c35657bacf
SHA1

1fa82a5d51488cd8ed7ce35f9562919c93acfa12
SHA256

5509e1dba71da7d01d9276465a7fbe7854bd552e57e4672286a33fd411c3b42d
SHA512

d122c5828cb7c7ad3d720d7ec5d0a8b2e5be0e7b9b7934799cfba313b77dadecad03cd0797c9ded46162cb581269810662eb4455e3a9ac8e3a4e23ae01722655
SSDEEP

3072:z21h6DhkV1DKrqokzVnghOvZkZeaf26TL:zpOneqgMvCZewf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5509e1dba71da7d01d9276465a7fbe7854bd552e57e4672286a33fd411c3b42d

Files

5509e1dba71da7d01d9276465a7fbe7854bd552e57e4672286a33fd411c3b42d
.exe windows:5 windows x86

a61f52cad714054fff253005472bdd30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
LookupAccountSidW
GetSidSubAuthority
GetLengthSid
GetSidLengthRequired
GetSidSubAuthorityCount
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose
LsaOpenPolicy
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
CloseEventLog
ClearEventLogW
OpenEventLogW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
ControlService
RegSaveKeyW
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueA
RegOpenKeyExA

kernel32

GetPrivateProfileIntW
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
WideCharToMultiByte
HeapAlloc
lstrlenW
CompareStringW
GetPrivateProfileStringW
lstrcmpiW
CloseHandle
FormatMessageW
CreateEventW
WaitForSingleObject
SetEvent
GetModuleFileNameW
Sleep
CreateMutexW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
WritePrivateProfileSectionW
CreateDirectoryW
_lwrite
_lcreat
SetFileAttributesA
_lclose
_lread
_llseek
_lopen
CopyFileW
GetFullPathNameW
MoveFileW
DeviceIoControl
CreateFileW
WriteFile
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetLastError
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CompareStringA
SetEnvironmentVariableA
HeapFree
GetProcessHeap
lstrcpynW
CreateThread
GetLastError
SetCurrentDirectoryW
FindFirstFileW
SetFileAttributesW
DeleteFileW
ReadFile
SetEndOfFile
DeleteFileA
GetFileAttributesA
CreateFileA
GetPrivateProfileSectionW
SetErrorMode
GetLogicalDrives
GetDriveTypeW
GetTickCount
GetFileAttributesW
GetCommandLineW
GetCurrentProcess
lstrcatW
lstrcpyW
GetPrivateProfileSectionNamesW
LocalReAlloc
lstrcmpW
GetVersionExW
LocalFree
LocalAlloc
RemoveDirectoryW
FindClose
FindNextFileW

user32

GetWindowRect
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
SendMessageTimeoutW
FindWindowW
SystemParametersInfoW
ExitWindowsEx
MsgWaitForMultipleObjects
PeekMessageW
DestroyWindow
GetParent
SetForegroundWindow
MessageBoxW
CharPrevW
IsDialogMessageW
ShowWindow
GetMessageW
IsWindow
TranslateMessage
DispatchMessageW
CreateDialogParamW
PostQuitMessage
GetDlgItem
SetFocus
EnableWindow
SendMessageW
LoadStringW
CharNextW
GetSystemMetrics

netapi32

NetUnjoinDomain
NetUseDel
NetUseAdd
NetApiBufferFree
NetGetJoinInformation
NetServerGetInfo

ntdll

DbgPrint
NtQueryInformationProcess
NtPowerInformation

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupDiClassNameFromGuidW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
pSetupUnmapAndCloseFile
pSetupOpenAndMapFileForRead
pSetupEnablePrivilege
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupFindNextLine
SetupDiOpenDeviceInfoW
SetupGetStringFieldW
SetupDiCreateDeviceInfoW
SetupCloseInfFile
SetupOpenInfFileW
SetupDefaultQueueCallbackW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupOpenFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
pSetupDoesUserHavePrivilege
pSetupIsUserAdmin
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiGetDriverInfoDetailW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupFindFirstLineW

shlwapi

StrChrW
SHSetValueW
wnsprintfW
StrCatBuffW
StrRChrW
PathAppendW
PathFileExistsW
StrStrW
PathIsUNCW
SHDeleteKeyW
PathRemoveFileSpecW
PathIsDirectoryW
StrStrIW

imagehlp

CheckSumMappedFile

ole32

CoInitialize
CoCreateInstance
CoUninitialize

comctl32

InitCommonControlsEx

shell32

SHEmptyRecycleBinW

userenv

GetProfilesDirectoryW

wininet

DeleteUrlCacheEntryA
FreeUrlCacheSpaceW
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a61f52cad714054fff253005472bdd30

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

netapi32

ntdll

setupapi

shlwapi

imagehlp

ole32

comctl32

shell32

userenv

wininet

Sections

.text Size: 83KB - Virtual size: 83KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 17KB - Virtual size: 17KB