05d8d00700a9f492d986923dd682a43d

Sharing

Copy URL

Twitter E-mail

General

Target

05d8d00700a9f492d986923dd682a43d
Size

284KB
MD5

05d8d00700a9f492d986923dd682a43d
SHA1

90f5068d5fdbf23f7ec79deb0cce98ad1cd5920a
SHA256

51c74f9c253578460ea84016b5aa2f3c185ee0190f7c1f199199d848d8e0d8d1
SHA512

3e3d7c085a183a4d909f97cfa9dc774a8b667b1c43b932774fa9c6bdc68876c7d854c83a5cb8b1e281e0e419f2bff7a02d825d9afc0cd441115bbd6f63c3155a
SSDEEP

6144:/AnRDTd+HkxDtgppKxrFwaFaXWYlTjB3agnyxIb4X:/UxxDgoxrFwaFam+jB3aum

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05d8d00700a9f492d986923dd682a43d

Files

05d8d00700a9f492d986923dd682a43d
.exe windows:5 windows x86 arch:x86

9ed64e0b11c5a92dda40b744cba77c23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrA
PathFileExistsA
StrChrA
SHDeleteKeyA
StrToIntA
wnsprintfA
StrStrIA
StrNCatA

version

VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

kernel32

LoadLibraryA
GetVersionExA
lstrcpynA
MoveFileExA
lstrcatA
SetCurrentDirectoryA
WaitForMultipleObjects
GetModuleHandleA
GetCurrentDirectoryA
GetTempPathA
WaitForSingleObject
FindResourceA
lstrcmpA
LoadResource
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GlobalLock
InitializeCriticalSection
GlobalAlloc
SizeofResource
LeaveCriticalSection
MulDiv
IsDBCSLeadByte
MultiByteToWideChar
GlobalUnlock
FlushInstructionCache
RaiseException
SetLastError
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MapViewOfFile
ExpandEnvironmentStringsA
CreateFileMappingA
OpenFileMappingA
OpenMutexA
GetFileAttributesA
GetComputerNameA
GetVolumeInformationA
LocalFree
GetTickCount
FreeResource
GlobalFree
LockResource
GetFullPathNameA
DosDateTimeToFileTime
SetFileTime
GetLocalTime
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
GetLocaleInfoA
RtlUnwind
CreateThread
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetStdHandle
HeapCreate
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetCommandLineA
GetConsoleMode
GetConsoleCP
GetFileType
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
lstrcpyA
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
DeleteFileA
LoadLibraryExA
GetProcAddress
FreeLibrary
ReadFile
HeapFree
SetEndOfFile
SetFilePointer
GetFileSize
CreateToolhelp32Snapshot
CreateMutexA
GetModuleFileNameA
Process32Next
GetLastError
TerminateProcess
CreateProcessA
GetExitCodeProcess
Sleep
OpenProcess
WriteFile
GetProcessHeap
SleepEx
Process32First
HeapAlloc
ExitProcess
CloseHandle
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateDirectoryA
lstrlenA
CreateFileA
lstrcmpiA
lstrlenW
WideCharToMultiByte
GetFileTime
FlushFileBuffers

user32

GetDlgItem
ShowWindow
GetWindowThreadProcessId
MessageBoxA
EnumWindows
SendMessageA
LoadCursorA
FindWindowA
SystemParametersInfoA
DispatchMessageA
SetWindowPos
DefWindowProcA
PeekMessageA
CreateWindowExA
GetWindowLongA
TranslateMessage
IsDialogMessageA
ExitWindowsEx
SetCursor
GetWindowDC
DrawFocusRect
ClientToScreen
GetClassNameA
DestroyAcceleratorTable
ScreenToClient
IsChild
GetClassInfoExA
SetCapture
DrawTextA
CharNextA
CreateAcceleratorTableA
UnregisterClassA
GetDesktopWindow
GetSysColor
GetSysColorBrush
IsWindow
ReleaseCapture
CallWindowProcA
GetWindow
InvalidateRgn
RedrawWindow
GetWindowTextLengthA
IsDlgButtonChecked
CheckRadioButton
EnableWindow
FillRect
RegisterWindowMessageA
SetWindowTextA
GetDlgCtrlID
MoveWindow
EndPaint
GetKeyState
GetFocus
GetParent
IsWindowEnabled
BeginPaint
GetDC
GetWindowTextA
SetWindowLongA
InvalidateRect
ReleaseDC
PostMessageA
UpdateWindow
DestroyWindow
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadIconA
GetClientRect
SetFocus

gdi32

DeleteDC
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetTextExtentPointA
GetObjectA
GetStockObject
TextOutA
CreateDIBitmap
SetTextColor
BitBlt
CreateSolidBrush
SetBkColor
CreateRectRgn
CreateCompatibleBitmap
GetDeviceCaps
GetMapMode
SetMapMode
DPtoLP
CreateFontA
LPtoDP

advapi32

OpenServiceA
RegEnumKeyA
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountNameA
ConvertSidToStringSidA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteExA
SHGetFolderPathA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
CoGetClassObject
CoCreateInstance
CLSIDFromProgID

oleaut32

LoadTypeLi
VariantInit
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
OleLoadPicture
SysStringLen
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ed64e0b11c5a92dda40b744cba77c23

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 210KB - Virtual size: 210KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 20KB - Virtual size: 32KB

.cdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 700KB - Virtual size: 699KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 20KB - Virtual size: 32KB

.cdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 700KB - Virtual size: 699KB

.reloc
Size: 22KB - Virtual size: 21KB