5ad40d0ac1f3f0412840216cb695403906ca684e[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5ad40d0ac1f3f0412840216cb695403906ca684e.exe
Size

18.7MB
MD5

3b6d17a84f9cca41396f5187f8a552f4
SHA1

5ad40d0ac1f3f0412840216cb695403906ca684e
SHA256

863a431e7af3c3560894917279944595c3af03009976ebaf0ab97e60cc0b8131
SHA512

8c166125885050b27b39a1c3cfb34255380fecd095c6ee50aaa680226f2fa5f5dcfdd29bbd232bf4b74dd355e5416c287909f421ca17f61323e3e97cf624e61d
SSDEEP

393216:NC4zwkcT6OADC80KwZMEs89pDCVOkZicAiDF0UaV1Nt:vzwtTjeCXqEN9pDLXcfF8n7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ad40d0ac1f3f0412840216cb695403906ca684e.exe

Files

5ad40d0ac1f3f0412840216cb695403906ca684e.exe
.exe windows:4 windows x86 arch:x86

588385192249056dd9c9ef626b461f02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
DuplicateHandle
LoadLibraryExW
lstrcmpiW
GlobalAddAtomW
GlobalFindAtomW
GetThreadLocale
Beep
GetUserDefaultLCID
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
OutputDebugStringW
FindResourceW
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetCurrentDirectoryA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetOEMCP
LoadResource
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
GetLocaleInfoW
LCMapStringW
LCMapStringA
RtlUnwind
RemoveDirectoryW
GetFullPathNameW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetTimeZoneInformation
CreateThread
ExitThread
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedCompareExchange
GetVersionExA
LoadLibraryA
LocalAlloc
GetCPInfo
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryW
ResumeThread
ReleaseMutex
GetVolumeInformationW
VirtualFree
FlushFileBuffers
VirtualAlloc
GetFileTime
SetFileAttributesW
MoveFileExW
GetFileAttributesW
GlobalFree
WritePrivateProfileStringW
GetEnvironmentVariableW
TlsFree
GlobalDeleteAtom
LockResource
FreeResource
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
DeleteFileW
CopyFileW
CreateDirectoryW
Sleep
GetComputerNameW
InterlockedExchange
CreateMutexW
IsBadReadPtr
GetCurrentThread
IsValidCodePage
SetThreadPriority
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
GlobalGetAtomNameW
SetCurrentDirectoryW
TerminateProcess
OpenProcess
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetTempFileNameW
WriteFile
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
IsBadStringPtrA
ReadFile
SetFilePointer
CloseHandle
CreateFileW
GetSystemTime
GetDateFormatA
lstrlenA
CompareFileTime
GetNumberFormatA
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoA
GetTimeFormatA
LocalFree
FormatMessageW
WaitForMultipleObjects
IsBadStringPtrW
GetModuleHandleW
IsBadCodePtr
GetProcAddress
LoadLibraryW
FreeLibrary
GetTempPathW
RaiseException
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
SetLastError
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
InitializeCriticalSection
GetTickCount
WideCharToMultiByte
MulDiv
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentThreadId
lstrcpyW
lstrlenW
ExitProcess
GetACP
MultiByteToWideChar
HeapSize

user32

FindWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
InsertMenuItemW
ModifyMenuW
WinHelpW
GetDC
ReleaseDC
GetSysColorBrush
GetClassNameW
EnumChildWindows
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindow
EnumThreadWindows
CopyRect
FillRect
GetSysColor
DrawTextW
UnregisterClassA
MessageBoxExW
EnableMenuItem
DialogBoxParamW
CheckDlgButton
MessageBeep
IsDlgButtonChecked
SendMessageTimeoutW
EnumWindows
LoadIconW
LoadStringW
SetDlgItemTextW
EndDialog
SetClassLongW
IntersectRect
LoadImageW
FrameRect
ClipCursor
CharNextExA
GetActiveWindow
SetActiveWindow
CheckRadioButton
PostQuitMessage
GetMenuItemID
RemoveMenu
GetWindowDC
GetNextDlgTabItem
FindWindowW
UnregisterHotKey
GetGUIThreadInfo
ReuseDDElParam
UnpackDDElParam
PeekMessageW
MessageBoxW
SendDlgItemMessageW
CharLowerBuffW
GetMonitorInfoW
GetLastInputInfo
EnumDisplayMonitors
MonitorFromPoint
AppendMenuW
TrackPopupMenuEx
CreatePopupMenu
UnionRect
MonitorFromRect
DestroyIcon
GetForegroundWindow
LockSetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
CreateWindowExW
SendMessageW
InflateRect
SetWindowPos
GetWindowLongW
SetWindowLongW
EnableWindow
InvalidateRect
UpdateWindow
GetWindowRect
LoadBitmapW
IsWindowEnabled
InvertRect
GetSystemMenu
InsertMenuW
GetDlgItemTextW
MapVirtualKeyW
VkKeyScanW
GetKeyNameTextW
RegisterHotKey
SetFocus
GetClientRect
MapWindowPoints
GetCursorPos
TrackPopupMenu
DestroyMenu
DrawIconEx
AttachThreadInput
GetWindowThreadProcessId
keybd_event
OffsetRect
GetMessagePos
IsWindowVisible
GetWindowRgn
SetWindowRgn
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
CloseWindow
DrawAnimatedRects
IsDialogMessageW
GetUpdateRgn
EqualRect
SetCursor
SetRect
IsRectEmpty
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CreateDialogParamW
OpenClipboard
DestroyAcceleratorTable
GetFocus
GetWindow
CharNextW
CreateAcceleratorTableW
ScreenToClient
MoveWindow
InvalidateRgn
GetDesktopWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetDlgItem
GetKeyState
SetForegroundWindow
IsIconic
IsChild
RegisterWindowMessageW
ShowWindow
SetParent
WindowFromPoint
RedrawWindow
CallWindowProcW
DefWindowProcW
ClientToScreen
AdjustWindowRectEx
GetMenu
KillTimer
PtInRect
ReleaseCapture
GetDlgCtrlID
SetTimer
SystemParametersInfoW
GetCapture
SetCapture
EndPaint
BeginPaint
SetRectEmpty
DrawFocusRect
DrawEdge
GetParent
DestroyWindow
PostMessageW
GetSystemMetrics

gdi32

SetTextAlign
ExtTextOutW
EnumFontFamiliesExW
CreateDCW
SetMapMode
GetCurrentObject
CreateRectRgnIndirect
AddFontResourceW
RemoveFontResourceW
GetObjectType
Polyline
Polygon
EnumFontsW
GetDeviceCaps
FrameRgn
CreateFontIndirectA
TextOutA
GetCurrentPositionEx
LineTo
GetGlyphOutlineW
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
GetTextFaceA
SetBkMode
SetTextColor
CreateCompatibleDC
GetStockObject
BitBlt
GetObjectW
RectInRegion
CreateSolidBrush
CreateCompatibleBitmap
GetRgnBox
GetPixel
CreateRectRgn
MoveToEx
CreatePen
DeleteDC
SelectObject
CreateFontW
GetTextFaceW
GetTextCharset
GetTextMetricsW
GetGlyphOutlineA
DeleteObject
GetMapMode
CreateFontIndirectW
GetCharacterPlacementW
CombineRgn
PtInRegion
StretchBlt
PatBlt
CreateBitmap
CreatePatternBrush
TranslateCharsetInfo
GetTextExtentPoint32W
SetBkColor
LPtoDP
FillRgn
CreateRoundRectRgn

comdlg32

GetOpenFileNameW
CommDlgExtendedError

advapi32

FreeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegEnumKeyExW
GetUserNameW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
AllocateAndInitializeSid

shell32

ExtractIconW
SHGetFolderPathW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW

ole32

OleLoadFromStream
CoGetMalloc
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance
CLSIDFromProgID
CoCreateGuid
CoTaskMemRealloc

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VarUI4FromStr
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
OleCreateFontIndirect
SafeArrayCopy
SafeArrayGetVartype
SysAllocStringByteLen
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantCopy
SysAllocStringLen

shlwapi

StrStrIW
PathAddBackslashW
PathFindFileNameW
PathFindExtensionW

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_Add
ImageList_Create
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Draw
ImageList_Destroy
ord17

urlmon

URLDownloadToFileW

imm32

ImmGetContext
ImmSetOpenStatus
ImmGetOpenStatus

ws2_32

WSAStartup
inet_ntoa
gethostbyname
gethostname
WSACleanup

wininet

InternetGetLastResponseInfoW
UnlockUrlCacheEntryFileW
RetrieveUrlCacheEntryFileW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW

rasapi32

RasEnumConnectionsW
RasGetConnectStatusW

psapi

GetModuleFileNameExW
EnumProcessModules

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

_LoadError

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.6MB - Virtual size: 16.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

588385192249056dd9c9ef626b461f02

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

imm32

ws2_32

wininet

rasapi32

psapi

iphlpapi

version

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 449KB - Virtual size: 449KB

.data Size: 40KB - Virtual size: 183KB

.rsrc Size: 16.6MB - Virtual size: 16.6MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 449KB - Virtual size: 449KB

.data
Size: 40KB - Virtual size: 183KB

.rsrc
Size: 16.6MB - Virtual size: 16.6MB