a5c3ba50efb6d1fa26ce9f98532ec24f43e34b56c316897ee082b05d49b719e9

Sharing

Copy URL

Twitter E-mail

General

Target

a5c3ba50efb6d1fa26ce9f98532ec24f43e34b56c316897ee082b05d49b719e9
Size

2.1MB
MD5

42b1a84313f4cc5f4127e273b295b65b
SHA1

6675fd6f142940065537c711994f56f0d8b5da6e
SHA256

a5c3ba50efb6d1fa26ce9f98532ec24f43e34b56c316897ee082b05d49b719e9
SHA512

c9e45743af35f01392139ff569df61af64f357cc3e779acf44cf8fee2bfa0775cb8e428a5b781145c2dbe34d510675f746e4fd2b7341bc0db66f24aae35f91d1
SSDEEP

49152:KhQKG0f0I2PtTaBtctiodNmr1hOPy7Nrq++551erAf:x0fSPhaBtSzmLn7Nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5c3ba50efb6d1fa26ce9f98532ec24f43e34b56c316897ee082b05d49b719e9

Files

a5c3ba50efb6d1fa26ce9f98532ec24f43e34b56c316897ee082b05d49b719e9
.dll windows:5 windows x86 arch:x86

034ca1cf7732d55071628d2f883d6d1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenA
LoadLibraryA
FindNextFileW
GetCommandLineA
DeleteCriticalSection
DecodePointer
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
OutputDebugStringA
GetTempPathW
WinExec
CallNamedPipeA
GetModuleFileNameW
OutputDebugStringW
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameA
GetCommandLineW
FindClose
FindFirstFileW
ReadFile
DeleteFileW
SwitchToThread
WriteFile
SetEndOfFile
CreateFileA
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetUserDefaultLCID
IsValidLocale
GetFullPathNameW
GetCurrentDirectoryW
GetACP
GetConsoleCP
ReadConsoleW
ExitProcess
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
FileTimeToSystemTime
LocalFree
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
GlobalMemoryStatus
GetFileSizeEx
WaitForSingleObject
GetExitCodeProcess
Sleep
CreateProcessW
OpenProcess
TerminateProcess
GetCurrentProcessId
GetDriveTypeW
GetCurrentThreadId
GetFileAttributesW
SystemTimeToFileTime
SetFileTime
CreateDirectoryW
SetLastError
FormatMessageA
SetFilePointerEx
InitializeCriticalSection
GetFileAttributesA
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
ExpandEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
FlushConsoleInputBuffer
GetSystemTime
IsDebuggerPresent
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
GetCPInfo
CompareStringW

user32

wsprintfW
GetSystemMetrics
wsprintfA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptExportKey
CryptDecrypt
CryptCreateHash
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DuplicateTokenEx
CheckTokenMembership
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptDestroyHash
CryptSignHashW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CryptEnumProvidersW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHChangeNotify
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantClear

ws2_32

select
__WSAFDIsSet
socket
WSAGetLastError
sendto
setsockopt
send
bind
closesocket
connect
getpeername
recvfrom
listen
WSASetLastError
freeaddrinfo
getaddrinfo
WSACleanup
getsockname
getsockopt
htons
ntohs
WSAIoctl
WSAStartup
ioctlsocket
gethostname
shutdown
htonl
accept
gethostbyname
getservbyname
recv

wldap32

ord208
ord46
ord14
ord216
ord145
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord219

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertOpenStore

shlwapi

PathAppendW
PathFileExistsW
PathFileExistsA
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
PathRemoveBackslashW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW

Exports

Exports

InstallReport
InstallSelected
KillInstallFolderProcess
ReleaseObjects
SetUninstallData

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

034ca1cf7732d55071628d2f883d6d1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

wldap32

crypt32

shlwapi

version

iphlpapi

wtsapi32

psapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 457KB - Virtual size: 456KB

.data Size: 46KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 457KB - Virtual size: 456KB

.data
Size: 46KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 72KB - Virtual size: 72KB