e5ddfa9f083df81e2f8a9f265dc61b9a8a68f64671b19ed701aa8d985ae75ec8

Sharing

Copy URL Twitter E-mail

General

Target

e5ddfa9f083df81e2f8a9f265dc61b9a8a68f64671b19ed701aa8d985ae75ec8
Size

11.5MB
MD5

448993d8326642dbb6a092b479f6e50b
SHA1

0076734762e5abe257db022110213b602a3f996a
SHA256

e5ddfa9f083df81e2f8a9f265dc61b9a8a68f64671b19ed701aa8d985ae75ec8
SHA512

29ed0cac59f8349f80b0aba19af71959ae9c0c98e1b859404b06125b4853f69ae9367b4f68cf2c27fc727559459b2a413ae2b0ac07692183ea2bdbe01952abe3
SSDEEP

196608:XqjczWD94+gcyNhk4baPAIlft3MqtjXqrEgRG5xNLLR13yZEw6gx9EPfC3+/gV:XIyWD9AbRuoIlV3NluEEcxNLVJyZMo97

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5ddfa9f083df81e2f8a9f265dc61b9a8a68f64671b19ed701aa8d985ae75ec8

Files

e5ddfa9f083df81e2f8a9f265dc61b9a8a68f64671b19ed701aa8d985ae75ec8
.exe windows:5 windows x86 arch:x86

498d2bef5f1591e2d0a21ef8b8283534

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
shutdown

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

kernel32

SetUnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
GetLastError
FindClose
CloseHandle
GetTempPathW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
DeleteFileW
FindFirstFileW
FreeLibrary
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
IsDebuggerPresent
Sleep
DuplicateHandle
WaitForSingleObjectEx
LoadLibraryA
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
LockResource
SetLastError
LoadResource
FindResourceExW
GetFileAttributesW
WriteFile
FlushFileBuffers
CreateThread
SizeofResource
FindResourceW
GetFileAttributesExW
InterlockedExchange
LocalFree
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetTickCount
CreateProcessW
SetEnvironmentVariableW
GetUserDefaultUILanguage
SetThreadUILanguage
CompareStringW
AttachConsole
DecodePointer
FormatMessageA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoA
WaitForSingleObject
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
FlushConsoleInputBuffer
GetCurrentThreadId
GetModuleHandleA
GlobalMemoryStatus
QueryPerformanceCounter
GetSystemTime
FlushInstructionCache
GetVersionExW
SetEndOfFile
SetFilePointer
VirtualAlloc
VirtualFree
GetSystemInfo
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
SetFileAttributesW
UnhandledExceptionFilter
GetCPInfo
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SwitchToThread
LCMapStringW
SignalObjectAndWait
CreateTimerQueue
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
GetFileInformationByHandle
FileTimeToLocalFileTime
LoadLibraryExW
ExitThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetDriveTypeW
FindFirstFileExW
RtlUnwind
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
EncodePointer
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetEnvironmentVariableA
FreeConsole

user32

SendMessageW
LoadStringW
WaitForInputIdle
UnregisterClassW
MessageBoxW
CharLowerW
CharUpperW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
DestroyIcon
LoadImageW
GetProcessWindowStation
DrawIconEx
LoadIconW
SetWindowLongW
GetUserObjectInformationW
GetWindowLongW
InflateRect
CopyRect
DrawFocusRect
GetSysColor
ScreenToClient
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
SetFocus
GetDialogBaseUnits
CheckDlgButton
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SetWindowPos
ShowWindow
IsWindow
CallWindowProcW
DefWindowProcW
PostMessageW
MessageBoxA
MoveWindow

gdi32

SelectObject
SetBkMode
SetTextColor
CreateDCW
CreateFontIndirectW
DeleteObject
ExtTextOutW
CreatePen
GetStockObject
CreateSolidBrush
DeleteDC
SetBkColor
RoundRect

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

shell32

DuplicateIcon
ord680
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

VariantCopy
VariantClear
SysFreeString
SysAllocString
SysAllocStringByteLen

version

VerQueryValueW
GetFileVersionInfoW

comctl32

InitCommonControlsEx
_TrackMouseEvent

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38.6MB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

498d2bef5f1591e2d0a21ef8b8283534

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

comctl32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 430KB - Virtual size: 429KB

.data Size: 50KB - Virtual size: 78KB

.rsrc Size: 38.6MB - Virtual size: 38.6MB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 430KB - Virtual size: 429KB

.data
Size: 50KB - Virtual size: 78KB

.rsrc
Size: 38.6MB - Virtual size: 38.6MB

.reloc
Size: 78KB - Virtual size: 77KB