56e3ec29fe432866e9432500a4d4b7ed6e3798e167eb8f3d5cc57c4a9769bf12

Sharing

Copy URL Twitter E-mail

General

Target

56e3ec29fe432866e9432500a4d4b7ed6e3798e167eb8f3d5cc57c4a9769bf12
Size

1.1MB
MD5

b97454c73f3cbe3570b6d9478b61168b
SHA1

d6bafe672b3dbf16c23c5aaa47c4a0c1697a8992
SHA256

56e3ec29fe432866e9432500a4d4b7ed6e3798e167eb8f3d5cc57c4a9769bf12
SHA512

8b5341b770559b30d435ee1f1072527e028d6b964e701459986e96acfdcb790ea5308e2b0ec2403105019fbc3e120b0904dd75de9113919dc577a248c2f1c29f
SSDEEP

24576:vqgSuqfm5/EKWyTx8x1lWH9Hw3QkSv1PaGW:vq7YTkSv5az

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56e3ec29fe432866e9432500a4d4b7ed6e3798e167eb8f3d5cc57c4a9769bf12

Files

56e3ec29fe432866e9432500a4d4b7ed6e3798e167eb8f3d5cc57c4a9769bf12
.exe windows:4 windows x86

549b14feb28dc5b3425b4c58e9d03f07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
CryptGenKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
OpenServiceA
CloseServiceHandle
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
StartServiceA
ControlService
DeleteService
StartServiceCtrlDispatcherA
OpenSCManagerA
RegCloseKey

comctl32

CreateStatusWindowA
PropertySheetA
ImageList_AddMasked
ImageList_Create
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_GetIcon
InitCommonControls
ImageList_GetIconSize
ImageList_Remove
ImageList_GetImageCount
ImageList_Draw

crypt32

CryptEncodeObject
CertFreeCertificateContext
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertOpenStore
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertStrToNameA
CertDeleteCertificateFromStore
CertFindCertificateInStore
CertCompareCertificate
CertComparePublicKeyInfo
CertGetNameStringA
CertEnumCertificatesInStore
CertCloseStore

gdi32

GetObjectA
CreateFontIndirectA
GetTextColor
SetBkMode
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
SetTextColor
SetBkColor
ExtTextOutA
GetTextExtentPoint32A
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
IntersectClipRect
CreateFontA
TextOutA
SetTextAlign
LineTo
MoveToEx
GetStockObject
RoundRect
SelectObject
GetTextMetricsA

kernel32

CopyFileA
CreateMutexA
TerminateProcess
GetCurrentProcessId
GetSystemDirectoryA
GetModuleHandleA
SetLastError
CreateProcessA
GetExitCodeThread
Sleep
GetCurrentThreadId
RemoveDirectoryA
SetCurrentDirectoryA
FindFirstFileW
FindNextFileW
GetFileAttributesExA
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
GetTickCount
lstrcpyA
lstrcatA
lstrlenA
GetSystemTime
FlushFileBuffers
FormatMessageA
WriteFile
GetFileSize
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
SetFilePointer
DeleteFileA
MoveFileA
ReadFile
GetLocalTime
GetTimeFormatA
GetDateFormatA
CreateDirectoryA
HeapReAlloc
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
GetModuleFileNameA
GetCurrentDirectoryA
InterlockedCompareExchange
InterlockedExchange
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
GetFileInformationByHandle
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
GetStartupInfoA
lstrlen

msvcrt

time
mktime
localtime
isalpha
isupper
strtoul
atol
sprintf
isdigit
atoi
towlower
strrchr
isspace
isxdigit
_vsnprintf
tolower
strchr
iswctype
puts
_mbsrchr
_beginthread
atof
memmove
rand
sscanf
wcscmp
fclose
fgets
fopen
rename
remove
strncmp
printf
_ftol
wcslen
calloc
free
strncpy
fputs
fflush
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_mbschr

odbc32

SQLSetStmtAttr
SQLDataSources
SQLSetEnvAttr
SQLSetConnectAttr
SQLConnect
SQLDisconnect
SQLAllocHandle
SQLGetDiagRec
SQLDescribeCol
SQLNumResultCols
SQLExecDirect
SQLGetData
SQLFetch
SQLFreeStmt
SQLFreeHandle

rpcrt4

UuidToStringA
RpcStringFreeA

shell32

Shell_NotifyIconA
ShellExecuteA

secur32

DecryptMessage
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesA

user32

DialogBoxParamA
DrawStateA
DrawFrameControl
FillRect
OffsetRect
InflateRect
FrameRect
DrawTextA
SetForegroundWindow
SetWindowPos
GetDesktopWindow
GetWindowRect
ScreenToClient
SetRect
MessageBoxExA
MoveWindow
KillTimer
ShowWindow
DestroyMenu
TrackPopupMenuEx
InsertMenuA
CreatePopupMenu
GetFocus
GetWindow
SetTimer
CreateDialogParamA
MessageBoxA
EnableWindow
SetActiveWindow
GetCursorPos
ShowWindowAsync
RemovePropA
GetActiveWindow
EndDialog
GetDlgItemTextA
LoadBitmapA
SetWindowTextA
GetParent
SetDlgItemTextA
CallWindowProcA
GetNextDlgTabItem
SetFocus
GetDlgItem
DrawFocusRect
GetSysColor
LockWindowUpdate
GetSystemMetrics
GetPropA
SetCursor
ReleaseCapture
CharLowerBuffA
LoadImageA
WindowFromPoint
ClientToScreen
DestroyWindow
DestroyIcon
CreateWindowExA
GetWindowTextA
GetClientRect
ShowScrollBar
GetDC
ReleaseDC
SendMessageA
PostMessageA
CharPrevA
CharNextA
LoadCursorA
RegisterClassExA
DefWindowProcA
BeginPaint
GetWindowLongA
EndPaint
SetWindowLongA
InvalidateRect
PtInRect
SetCapture
GetCapture
SetPropA
PostThreadMessageA
SendMessageTimeoutA
IsIconic
EnumWindows
DefDlgProcA
RegisterWindowMessageA
IsWindowVisible
DrawIcon
GetMessagePos
GetDlgCtrlID
GetIconInfo
IsWindow
GetKeyState
CopyRect
DestroyCursor

winmm

timeBeginPeriod
timeGetTime

ws2_32

WSACleanup
sendto
recvfrom
WSAStartup
gethostname
getpeername
WSASocketA
getservbyport
gethostbyaddr
getservbyname
ntohs
inet_ntoa
shutdown
connect
accept
getsockopt
WSASetLastError
send
recv
select
__WSAFDIsSet
ioctlsocket
gethostbyname
htons
htonl
socket
setsockopt
closesocket
bind
listen
getsockname
ntohl
inet_addr
WSAGetLastError
WSAIoctl

Sections

.text
Size: 498KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.poly
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 8.3MB

.as_0001
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0002
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0003
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0004
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 64KB

.as_0005
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 16KB

.as_0006
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 800KB

.as_0007
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 44KB

.as_0008
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0009
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_000a
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_000b
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 124KB

.as_000c
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_000d
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 1.9MB

.as_000e
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_000f
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0010
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0011
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0012
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 60KB

.as_0013
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

549b14feb28dc5b3425b4c58e9d03f07

Headers

File Characteristics

Imports

advapi32

comctl32

crypt32

gdi32

kernel32

msvcrt

odbc32

rpcrt4

shell32

secur32

user32

winmm

ws2_32

Sections

.text Size: 498KB - Virtual size: 500KB

.data Size: 45KB - Virtual size: 48KB

Size: 6KB - Virtual size: 144KB

.rsrc Size: 151KB - Virtual size: 152KB

Size: - Virtual size: 4KB

.poly Size: 3KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.zero Size: - Virtual size: 8.3MB

.as_0001 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0002 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0003 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0004 Size: 208KB - Virtual size: 208KB

.zero Size: - Virtual size: 64KB

.as_0005 Size: 16KB - Virtual size: 16KB

.zero Size: - Virtual size: 16KB

.as_0006 Size: 112KB - Virtual size: 112KB

.zero Size: - Virtual size: 800KB

.as_0007 Size: 20KB - Virtual size: 20KB

.zero Size: - Virtual size: 44KB

.as_0008 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0009 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_000a Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_000b Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 124KB

.as_000c Size: 2KB - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_000d Size: 2KB - Virtual size: 4KB

.zero Size: - Virtual size: 1.9MB

.as_000e Size: 4KB - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_000f Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0010 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0011 Size: 2KB - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0012 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 60KB

.as_0013 Size: 35KB - Virtual size: 35KB

.text
Size: 498KB - Virtual size: 500KB

.data
Size: 45KB - Virtual size: 48KB

.rsrc
Size: 151KB - Virtual size: 152KB

.poly
Size: 3KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.zero
Size: - Virtual size: 8.3MB

.as_0001
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0002
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0003
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0004
Size: 208KB - Virtual size: 208KB

.zero
Size: - Virtual size: 64KB

.as_0005
Size: 16KB - Virtual size: 16KB

.zero
Size: - Virtual size: 16KB

.as_0006
Size: 112KB - Virtual size: 112KB

.zero
Size: - Virtual size: 800KB

.as_0007
Size: 20KB - Virtual size: 20KB

.zero
Size: - Virtual size: 44KB

.as_0008
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0009
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_000a
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_000b
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 124KB

.as_000c
Size: 2KB - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_000d
Size: 2KB - Virtual size: 4KB

.zero
Size: - Virtual size: 1.9MB

.as_000e
Size: 4KB - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_000f
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0010
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0011
Size: 2KB - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0012
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 60KB

.as_0013
Size: 35KB - Virtual size: 35KB