53c67b0a5d5e2b529ab6fb1dbdc998d577ec5f9e33a7e9de0ae481adb42afdf5

Sharing

Copy URL Twitter E-mail

General

Target

53c67b0a5d5e2b529ab6fb1dbdc998d577ec5f9e33a7e9de0ae481adb42afdf5
Size

6.1MB
MD5

1b6cecb3b6f53a0c8671d4e30fe775cb
SHA1

d2ad38b26ada255b6f4a80b951adaccb3ad3cd68
SHA256

53c67b0a5d5e2b529ab6fb1dbdc998d577ec5f9e33a7e9de0ae481adb42afdf5
SHA512

31133b6e09f5032dcc42574c95f37a06f8c8cfb22a730630835c564ede300aee9a477d12e89eb9c1a9935ea8b8c27628c7d97883086fa129967c0e3eb6e7bb8f
SSDEEP

196608:/+M4WT4bLM5CzdG1H7IyRHoROuJQpYarPiI:WM4WTxCkR7IyRIsuJQZPiI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53c67b0a5d5e2b529ab6fb1dbdc998d577ec5f9e33a7e9de0ae481adb42afdf5

Files

53c67b0a5d5e2b529ab6fb1dbdc998d577ec5f9e33a7e9de0ae481adb42afdf5
.exe windows:6 windows x64 arch:x64

b058945561d4389d17443bff52b823ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateMutexW
FreeResource
GlobalAlloc
CreateThread
GlobalLock
LocalFree
GlobalUnlock
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
ExpandEnvironmentStringsW
GetModuleHandleW
GetProcAddress
FindResourceW
Process32FirstW
LoadResource
LockResource
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
CreateFileW
TerminateProcess
WriteFile
GetCurrentProcess
SizeofResource
GetExitCodeProcess
CreateProcessW
CloseHandle
DeleteFileW
ResumeThread
WaitForSingleObject
GetTempPathW
GetModuleFileNameA
GetEnvironmentStringsW
CreateDirectoryW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
GetStdHandle
GetModuleFileNameW
RtlUnwind
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW

user32

LoadCursorW
LoadIconW
GetForegroundWindow
ExitWindowsEx
GetDlgCtrlID
SetCursor
GetDlgItem
KillTimer
DialogBoxParamW
PtInRect
SetTimer
ShowWindow
EndDialog
SendMessageW
ReleaseCapture
GetCursorPos
LoadStringW
wsprintfW
FillRect
MessageBoxW
GetDC
GetWindowRect
PostMessageW
ScreenToClient

gdi32

SelectObject
CreateCompatibleDC
CreateFontW
GetStockObject
SetTextColor
SetBkMode
DeleteObject
BitBlt

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
OpenServiceW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

shlwapi

PathFileExistsW
PathAppendW
SHDeleteKeyW

gdiplus

GdipDisposeImage
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromStream
GdipLoadImageFromStream
GdipDeleteGraphics
GdipCreateFromHDC
GdipFree
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipDrawImageRectI
GdiplusStartup

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62.5MB - Virtual size: 62.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b058945561d4389d17443bff52b823ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

version

Sections

.text Size: 199KB - Virtual size: 198KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 62.5MB - Virtual size: 62.5MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 199KB - Virtual size: 198KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 62.5MB - Virtual size: 62.5MB

.reloc
Size: 3KB - Virtual size: 3KB