5348bf5f2aa3c0db0286f92965a45845

Sharing

Copy URL Twitter E-mail

General

Target

5348bf5f2aa3c0db0286f92965a45845
Size

3.0MB
MD5

5348bf5f2aa3c0db0286f92965a45845
SHA1

2179582641136030ffedf56bc86711f3ee69607f
SHA256

a93573de59bd7a708d11797d11b11148b6a5759c9ef1e9b86ce55e59a8e91c40
SHA512

481a456d039c6af670dac96020f67ed488199c25c8f640e7aaaf80f6a446493f7fd0e973835748a1a03869d662e87abaf2abaac28522d99bfcbcff5d7e8b513e
SSDEEP

49152:dmr3xa4PY3CSUjI754JoiWNyTHqwSPgaOr0p343PKf16jaPucaMct8QM4tRo2P:gjrPY314I754ZWNBwjaHpI/KQpSQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5348bf5f2aa3c0db0286f92965a45845

Files

5348bf5f2aa3c0db0286f92965a45845
.exe windows:5 windows x86 arch:x86

ed62548458b85b2aa5a2adb87ae78427

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
inet_ntoa
getnameinfo
gethostname
ioctlsocket
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
ntohs
getsockopt
getpeername
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
setsockopt
bind
recvfrom
sendto
WSACleanup
closesocket
WSAStartup
inet_addr
getsockname
socket
connect
htons

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertCreateCertificateContext

wldap32

ord143
ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46

kernel32

FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
GetModuleFileNameA
FindFirstFileW
FindNextFileW
GetCurrentProcess
WriteFile
GetModuleFileNameW
FindClose
CreateFileW
OpenProcess
GetFileAttributesA
CreateFileA
CloseHandle
SetFileAttributesA
GetProcAddress
GetModuleHandleW
GetFileType
GetCurrentThreadId
GetCurrentProcessId
HeapFree
SetLastError
SystemTimeToTzSpecificLocalTime
LoadLibraryA
HeapAlloc
GetProcessHeap
FreeLibrary
Sleep
GetTickCount
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcessTimes
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameA
GetModuleHandleA
ExpandEnvironmentStringsA
CreateMutexA
GetLastError
CreateDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
WaitForSingleObject
WaitForMultipleObjects
GetStdHandle
PeekNamedPipe
FormatMessageA
VerSetConditionMask
GetSystemDirectoryA
HeapSize
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleExW
LoadLibraryW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
SystemTimeToFileTime
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetACP
GetConsoleCP
FlushFileBuffers
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileAttributesExW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
SwitchToThread
CreateEventW
QueryPerformanceFrequency
GetStringTypeW
GetDriveTypeW
VerifyVersionInfoA

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

RegSetValueExA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA

shlwapi

PathRemoveFileSpecA
PathAddBackslashA

ntdll

NtQuerySystemInformation

iphlpapi

GetAdaptersInfo
SendARP

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 815KB - Virtual size: 815KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed62548458b85b2aa5a2adb87ae78427

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

kernel32

user32

advapi32

shlwapi

ntdll

iphlpapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 534KB - Virtual size: 534KB

.data Size: 22KB - Virtual size: 36KB

.vmp0 Size: 815KB - Virtual size: 815KB

.reloc Size: 78KB - Virtual size: 78KB

.rsrc Size: 1024B - Virtual size: 872B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 534KB - Virtual size: 534KB

.data
Size: 22KB - Virtual size: 36KB

.vmp0
Size: 815KB - Virtual size: 815KB

.reloc
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 1024B - Virtual size: 872B