fad2f5e391d62c9b8539078d7a190b7cc5ae09c39f9fef2f2c08dc322d88f04a

Sharing

Copy URL Twitter E-mail

General

Target

fad2f5e391d62c9b8539078d7a190b7cc5ae09c39f9fef2f2c08dc322d88f04a
Size

542KB
MD5

387b37690e7c873f5f2ba9e4f90a145c
SHA1

3aa7e43656a8c6c8bc99a2d74174cf17c2cd5f44
SHA256

fad2f5e391d62c9b8539078d7a190b7cc5ae09c39f9fef2f2c08dc322d88f04a
SHA512

2cee88aead346a273e0c8d8b4a03cd45b888f2c1a8a29b1d6634ad83bb30abe63b6fb7c4ca7d6293296cc9885ca81f13f20390c1ca82ac18338deaa9f25215e6
SSDEEP

12288:hutEbFlDGO1D6bpzCQ/N4KSaFpG9y2dYGYEIlRSZ+sDiRVdXg:FbEd/N9xY9PIlRSZhDiRV6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fad2f5e391d62c9b8539078d7a190b7cc5ae09c39f9fef2f2c08dc322d88f04a

Files

fad2f5e391d62c9b8539078d7a190b7cc5ae09c39f9fef2f2c08dc322d88f04a
.exe windows:5 windows x86 arch:x86

a9849042a8ba09b9687e913c8dc2ddd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
ShellExecuteExW

shlwapi

StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathCombineW
PathIsDirectoryW
StrStrIW

kernel32

GetProcessHeap
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
LoadResource
SizeofResource
CloseHandle
CreateMutexW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FindResourceExW
IsBadReadPtr
FreeLibrary
FindClose
LoadLibraryW
FindFirstFileW
FindNextFileW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
Sleep
CreateEventW
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
GlobalMemoryStatusEx
GetCurrentProcess
TerminateProcess
SetLastError
WriteFile
ReadFile
GetSystemTimeAsFileTime
HeapSize
GetTickCount
CreatePipe
PeekNamedPipe
lstrcpynW
lstrlenW
CreateProcessW
GetStartupInfoW
GetSystemDirectoryW
CreateFileW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
VirtualProtect
GetProcAddress
LockResource
LCMapStringW
WaitForMultipleObjects
GetExitCodeThread
SetFilePointerEx
WriteConsoleW
GetConsoleCP
FlushFileBuffers
GetConsoleMode
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
ExitThread
GetFileType
GetACP
GetStdHandle
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleExW
FindFirstFileExW
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection
QueryPerformanceCounter
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
DeviceIoControl
lstrcmpA
lstrcmpiA
CreateFileA
InterlockedCompareExchange
FreeResource
LoadLibraryExW
GetSystemWindowsDirectoryW
GetVersionExW
LocalFree
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetFileAttributesExW
ExitProcess

user32

PostThreadMessageW
PeekMessageW
LoadIconW
LoadCursorW
UpdateWindow
TranslateAcceleratorW
LoadAcceleratorsW
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegSetValueExW

ole32

CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9849042a8ba09b9687e913c8dc2ddd7

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

kernel32

user32

advapi32

ole32

version

urlmon

iphlpapi

Sections

.text Size: 277KB - Virtual size: 277KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 8KB - Virtual size: 29KB

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 79KB - Virtual size: 80KB

.text
Size: 277KB - Virtual size: 277KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 29KB

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 79KB - Virtual size: 80KB