5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7

Sharing

Copy URL

Twitter E-mail

General

Target

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
Size

588KB
MD5

1ebddfff697158465d7c0d23ed3ff9ff
SHA1

a9d549f35ed6394e9d4b1190f355fee3683a949a
SHA256

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
SHA512

614af970d2ab98162e563abb408d1bd771ab117e42923dbe293b5a21cbc5abef7a027240048bf12e953f7411a93c879276d525eb49e1481dfd1d94444bc0c926
SSDEEP

12288:Or+Cu0Q5PuhoVncbfF0fHx8QdB/NtfakNp8z2uDpTKubP4ofC0yqCE:Or+5dnncbfSfRvdDtfa8uDtUYZCE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7

Files

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
.exe windows:4 windows x86

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreatePipe
PeekNamedPipe
ReadFile
GetExitCodeProcess
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetFileSize
GetStartupInfoA
SetFileAttributesA
GetLocalTime
SetFilePointer
MoveFileA
WritePrivateProfileStringA
GetTickCount
DeleteFileA
Sleep
GetVersionExA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteFile
LCMapStringW
FlushFileBuffers
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
TerminateThread
GetExitCodeThread
GetCurrentProcess
GetCurrentProcessId
OpenProcess
Process32First
TerminateProcess
GetEnvironmentVariableA
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
LocalSize
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
CreateProcessA
lstrcpyn
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryA
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetSystemWow64DirectoryA
GetProcAddress
GetModuleHandleA
CloseHandle
Process32Next
CreateToolhelp32Snapshot
WideCharToMultiByte
GlobalFree
RtlMoveMemory
GlobalAlloc
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
GetTempPathA
GetSystemDirectoryA
GetLastError
DeleteCriticalSection
GetVersion
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
GetInputState
PostMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
FindWindowExA

advapi32

ChangeServiceConfig2A
CryptAcquireContextA
CryptCreateHash
RegCreateKeyExA
RegFlushKey
EnumDependentServicesA
EnumServicesStatusExA
EnumServicesStatusA
ChangeServiceConfigA
ControlService
StartServiceA
DeleteService
CreateServiceA
GetServiceKeyNameA
GetServiceDisplayNameA
QueryServiceConfig2A
QueryServiceConfigA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnableReflectionKey
RegDisableReflectionKey
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
GetUserNameA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup
WSAGetLastError
inet_addr
connect
inet_ntoa
send
__WSAFDIsSet
select
closesocket
htons
socket
shutdown
ioctlsocket
recv

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA

dbghelp

MakeSureDirectoryPathExists

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 811B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

dbghelp

oleaut32

Sections

.text Size: - Virtual size: 280KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 774KB

.upx0 Size: - Virtual size: 46KB

.upx1 Size: 580KB - Virtual size: 579KB

.rsrc Size: 4KB - Virtual size: 811B

.text
Size: - Virtual size: 280KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 774KB

.upx0
Size: - Virtual size: 46KB

.upx1
Size: 580KB - Virtual size: 579KB

.rsrc
Size: 4KB - Virtual size: 811B