b51dc5a37cc6420609160fee32cd0133ca7d00c50d5b884b5b666623dc948af7

Sharing

Copy URL Twitter E-mail

General

Target

b51dc5a37cc6420609160fee32cd0133ca7d00c50d5b884b5b666623dc948af7
Size

7.8MB
MD5

a72c02d2ecf3fa3ff2a7880f6e52d5e9
SHA1

c4960dfd9a8d62a9b5cc7bfd02f629e0d70a5956
SHA256

b51dc5a37cc6420609160fee32cd0133ca7d00c50d5b884b5b666623dc948af7
SHA512

4f4687ba2a6e5843beab5d8b4a888015db93e57c3975aede696b0636d49880a732b5e30e3ef5c24bd6c3a2b908ddad4e0a93c66ecbf60b0a90e3acbad0ff668f
SSDEEP

98304:9wgxN8iAkf2/+pIbtFvAsf86DOww5n0Ysz/cwpAG6fkb:9wOgKXTh0B3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b51dc5a37cc6420609160fee32cd0133ca7d00c50d5b884b5b666623dc948af7

Files

b51dc5a37cc6420609160fee32cd0133ca7d00c50d5b884b5b666623dc948af7
.exe windows:5 windows x86 arch:x86

b4dbfa6d03eb1bcba269a625f1ad262d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
Sleep
DeviceIoControl
CreateFileA
CreateEventA
GetCurrentProcessId
LockResource
LoadResource
SizeofResource
WriteFile
FindResourceA
TerminateProcess
CreateProcessA
GetLocalTime
GetProcAddress
LoadLibraryA
WTSGetActiveConsoleSessionId
GetFileAttributesA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetExitCodeProcess
GetVersionExA
LocalAlloc
FreeLibrary
FindClose
GetSystemTimeAsFileTime
CompareFileTime
FindFirstFileA
FindNextFileA
WaitForSingleObjectEx
SetConsoleCtrlHandler
GetModuleHandleA
GetTickCount
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
ReadFile
DeleteFileA
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetModuleFileNameA
VerifyVersionInfoA
SetWaitableTimer
CreateWaitableTimerA
CreateEventW
SleepEx
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueueUserAPC
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
TerminateThread
InterlockedCompareExchange
VerSetConditionMask
WideCharToMultiByte
FormatMessageW
FormatMessageA
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
LocalFree
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
AreFileApisANSI
InterlockedIncrement
TlsFree
TlsSetValue
DuplicateHandle
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
RaiseException
QueryPerformanceFrequency
CreateDirectoryW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
RemoveDirectoryW
GetModuleHandleW
TlsAlloc
TlsGetValue

user32

ExitWindowsEx

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysAllocStringLen
VarBstrCat
SysStringLen
SysFreeString

advapi32

SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
StartServiceA
QueryServiceStatusEx
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
ChangeServiceConfigA
StartServiceCtrlDispatcherA
RegCloseKey
RegisterServiceCtrlHandlerExA
RegSetValueExA
RegCreateKeyExA
InitiateSystemShutdownExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserA

ws2_32

WSAIoctl
select
connect
accept
__WSAFDIsSet
WSARecv
WSAStringToAddressW
WSAAddressToStringW
WSASocketW
WSASetLastError
ntohs
ntohl
listen
freeaddrinfo
htonl
getsockopt
getsockname
getpeername
bind
WSASend
WSAGetLastError
ioctlsocket
closesocket
WSACleanup
WSAStartup
sendto
socket
inet_addr
inet_ntoa
htons
getaddrinfo
WSASendTo
setsockopt

mswsock

AcceptEx
GetAcceptExSockaddrs

setupapi

SetupDiGetDeviceInstanceIdA
CM_Get_DevNode_Status_Ex
CM_Get_DevNode_Status
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInfoListDetailA

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
GetIpNetTable
DeleteIpNetEntry
GetPerAdapterInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4dbfa6d03eb1bcba269a625f1ad262d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

advapi32

ws2_32

mswsock

setupapi

netapi32

version

iphlpapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 59KB - Virtual size: 58KB