5bed1b0b540a0c4b45064b0d1d190c3b9830eac707b730459985180be05599d7

Sharing

Copy URL Twitter E-mail

General

Target

5bed1b0b540a0c4b45064b0d1d190c3b9830eac707b730459985180be05599d7
Size

95KB
MD5

10d0a420df9b868aadd4aef6cb7b463d
SHA1

59839c18abc191cf2b4709f69559a1b0af7fb026
SHA256

5bed1b0b540a0c4b45064b0d1d190c3b9830eac707b730459985180be05599d7
SHA512

18fe997c6a723f5a1fe59d8d0a3d67cfe1ac443215625a988d62a54007c8b8a7d912978b623545bfbb2362178d4edca733b17f50c3dd659be7aa81ff08bcd6b6
SSDEEP

1536:43oJxhLPLd3me/sLrnqI8eqibnR+PnoPNiIBFq5ZIX:FlzA8erq9EVLNxFq5ZIX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bed1b0b540a0c4b45064b0d1d190c3b9830eac707b730459985180be05599d7

Files

5bed1b0b540a0c4b45064b0d1d190c3b9830eac707b730459985180be05599d7
.exe windows:5 windows x86

69bd5c751f192ea975233a3a718f76a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetCurrentProcess
CloseHandle
CreateFileA
GetModuleFileNameA
SetLastError
GetModuleHandleA
TerminateProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
InterlockedDecrement
GetCurrentThreadId
FormatMessageA
LocalFree
GetProcAddress
LoadLibraryA
lstrlenA
GetTickCount
FreeEnvironmentStringsW
Sleep
DeleteFileA
SetEndOfFile
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
ReadFile
ExitProcess
GetConsoleMode
GetConsoleCP
WriteFile
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetACP
GetOEMCP
GetEnvironmentStringsW

user32

DefWindowProcA
PostMessageA
CreateWindowExA
DestroyWindow
TranslateMessage
RegisterClassExA
GetMessageA
wsprintfA
DispatchMessageA
PostQuitMessage

advapi32

RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle

oleaut32

VariantClear

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69bd5c751f192ea975233a3a718f76a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 448B

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 448B