c410652d73378dd447a94eed8e38f4ab557707638f35a07a70f843c7611ff1c7

Sharing

Copy URL Twitter E-mail

General

Target

c410652d73378dd447a94eed8e38f4ab557707638f35a07a70f843c7611ff1c7
Size

5.0MB
MD5

afe8b29f8965924ebd3c4594b8922bed
SHA1

53a51e97667da72961a0df7d984d81b70fa90cd8
SHA256

c410652d73378dd447a94eed8e38f4ab557707638f35a07a70f843c7611ff1c7
SHA512

eeaff3b0c681bd2cb8ac68fcf4140c8e9789f3c1ee82f784fbcc36738e3080ed755ece20697c3134ca61eff2a3b115b3ba6d109ed289d7d56cec68ce658e9f0f
SSDEEP

98304:io3EgSCOK+o75cUy2zU0mr7gvVH6Gg0xHjeyoy3IQ:PEgSgtlBVH6Gg0xHHIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c410652d73378dd447a94eed8e38f4ab557707638f35a07a70f843c7611ff1c7

Files

c410652d73378dd447a94eed8e38f4ab557707638f35a07a70f843c7611ff1c7
.exe windows:6 windows x86

4805e8fba0df9349449012d38ce5a258

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetFileAttributesW
CreateDirectoryW
CopyFileW
GetCurrentDirectoryW
FindFirstFileW
FindClose
Sleep
ResumeThread
GetCommandLineW
ReadFile
GetOverlappedResult
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetVolumeInformationW
GlobalMemoryStatusEx
GetSystemDirectoryW
GlobalFindAtomA
GetDiskFreeSpaceExW
LoadResource
LockResource
SizeofResource
FindResourceExW
GetCurrentProcessId
GetLocalTime
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
FlushFileBuffers
WaitNamedPipeW
GetFileSizeEx
MoveFileExW
FreeLibrary
GetVersionExW
GetGeoInfoW
GetUserGeoID
GetNativeSystemInfo
GetTempPathW
GetEnvironmentVariableW
LoadLibraryExW
Module32FirstW
QueryFullProcessImageNameW
OpenProcess
K32GetProcessImageFileNameW
lstrlenA
LoadLibraryW
OutputDebugStringA
SetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
DeleteCriticalSection
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
SystemTimeToFileTime
GetFileSize
SetFilePointer
FindNextFileW
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleExA
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
ReleaseMutex
CreateMutexW
SetLastError
GlobalFree
EncodePointer
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GlobalSize
MulDiv
GetThreadLocale
GetCurrentThread
lstrcmpA
SetThreadPriority
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
GlobalGetAtomNameW
GetLocaleInfoW
GetSystemDefaultUILanguage
DeleteFileW
GetFullPathNameW
LockFile
UnlockFile
lstrcmpiW
GetWindowsDirectoryW
lstrcpyW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameA
EnumResourceLanguagesW
GetUserDefaultUILanguage
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetProcessId
WTSGetActiveConsoleSessionId
EnumResourceNamesW
GetTickCount
RemoveDirectoryW
WriteFile
SetProcessShutdownParameters
GetModuleHandleA
WaitForSingleObject
MultiByteToWideChar
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
ResetEvent
CreateEventW
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
SetFilePointerEx
CreateFileW
GetLastError
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcess
DuplicateHandle
WaitForSingleObjectEx
SetEvent
CreateEventA
FormatMessageA
FormatMessageW
WideCharToMultiByte
LocalFree
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
HeapAlloc
RaiseException
HeapFree
GetProcessHeap
LoadLibraryExA
CloseHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
OutputDebugStringW
DeviceIoControl
AreFileApisANSI
GetStringTypeW
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
OpenEventA
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjectsEx
RtlUnwind
InterlockedPushEntrySList
VirtualAlloc
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
GetCommandLineA
HeapQueryInformation
SetStdHandle
GetStdHandle
ExitProcess
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
ChangeServiceConfigW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
AllocateAndInitializeSid
EqualSid
FreeSid
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CloseServiceHandle
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 227KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4805e8fba0df9349449012d38ce5a258

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

userenv

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 682KB - Virtual size: 682KB

.data Size: 227KB - Virtual size: 246KB

.didat Size: 2KB - Virtual size: 1KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 242KB - Virtual size: 242KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 682KB - Virtual size: 682KB

.data
Size: 227KB - Virtual size: 246KB

.didat
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 242KB - Virtual size: 242KB