5cea7322508620ef1681184e967c4fdaa639aa17f8a6aa884b470727c4bc3b6e

Sharing

Copy URL Twitter E-mail

General

Target

5cea7322508620ef1681184e967c4fdaa639aa17f8a6aa884b470727c4bc3b6e
Size

761KB
MD5

ec5a3ef04812493bd7c15ab6db91513a
SHA1

a6a546bd9821298813ae6c13e1a06da2c4e3c6a0
SHA256

5cea7322508620ef1681184e967c4fdaa639aa17f8a6aa884b470727c4bc3b6e
SHA512

02e3075e145e8e7b42d24e1d5aec77ca4d8b54d2913c129df14f7a6a56cfd6e2bd795ff701d08538bf246addeee498e8a4c93bbf544cbaa28b6e088a82a92dc5
SSDEEP

12288:MBDbQq+gOEFyTbbUfozFaB5Z35kjr0XeNS31h/VKRcw34B91N/8HG1C9iQfgYiDD:8crhaZJsgh/sRia6C9VfvUiD+h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cea7322508620ef1681184e967c4fdaa639aa17f8a6aa884b470727c4bc3b6e

Files

5cea7322508620ef1681184e967c4fdaa639aa17f8a6aa884b470727c4bc3b6e
.dll windows:5 windows x86

e1729645531cc7cf28f089a15bea28bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
SetErrorMode
InterlockedIncrement
CompareStringW
GetModuleHandleA
GetVersionExA
LoadLibraryA
GlobalFindAtomW
GlobalFlags
GetSystemTimeAsFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
CreateDirectoryW
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
GetSystemInfo
ExitProcess
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetStdHandle
TlsAlloc
LocalReAlloc
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
LCMapStringW
TlsSetValue
TlsGetValue
GetFileSizeEx
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
TerminateThread
LocalAlloc
VirtualAlloc
VirtualProtect
VirtualFree
GetACP
CreatePipe
GetStartupInfoW
GetVersionExW
WaitForMultipleObjects
ReadFile
CreateProcessW
VirtualQuery
LoadLibraryW
GetProcAddress
FreeLibrary
FindNextFileW
FindFirstFileW
FindClose
LocalFree
GetModuleHandleW
GetTickCount
MoveFileW
FreeResource
GetWindowsDirectoryW
GetSystemDirectoryW
CompareFileTime
GetFileTime
FormatMessageW
CreateThread
ResetEvent
InterlockedExchange
CreateEventW
SetEvent
CreateFileW
WriteFile
OpenProcess
TerminateProcess
WaitForSingleObject
InterlockedDecrement
Process32FirstW
Module32NextW
Module32FirstW
Process32NextW
GetCurrentProcess
CreateToolhelp32Snapshot
CloseHandle
lstrlenA
CreateMutexW
GetLastError
MultiByteToWideChar
GetCurrentThreadId
GetModuleFileNameW
lstrlenW
DeleteFileW
GetTempPathW
GetTempFileNameW
Sleep
GetSystemDefaultLangID
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection

user32

ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
PostThreadMessageW
PeekMessageW
LoadStringW
SendMessageW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextW
LoadCursorW
GetSysColorBrush
UnregisterClassW
GetSysColor
DestroyMenu
ReleaseDC
GetDC
GetClientRect
CopyRect
IsWindow
CharUpperW
GetSystemMetrics
CreateWindowExW
GetMenuItemCount
DispatchMessageW
MsgWaitForMultipleObjects
GetSubMenu
GetMenuItemID
GetMenuState
PostMessageW
WaitMessage
KillTimer
SetTimer
EnableWindow
UnhookWindowsHookEx
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
ExtTextOutW
CreateBitmap
PtVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
StartServiceW
QueryServiceStatus
CreateServiceW
OpenSCManagerW
LockServiceDatabase
QueryServiceLockStatusW
OpenServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathFindFileNameW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString

ws2_32

socket
recv
send
connect
WSACleanup
gethostbyname
htonl
accept
select
bind
WSAGetLastError
WSASetLastError
sendto
recvfrom
WSAAsyncSelect
WSAStartup
inet_addr
htons
closesocket

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCheckConnectionW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

Exports

Exports

InitializePrintMonitorUI

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1729645531cc7cf28f089a15bea28bd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

version

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 233KB - Virtual size: 233KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 233KB - Virtual size: 233KB

.reloc
Size: 44KB - Virtual size: 43KB