0534fcf0586b5fbaa45612ce8c3119d8

Sharing

Copy URL

Twitter E-mail

General

Target

0534fcf0586b5fbaa45612ce8c3119d8
Size

105KB
MD5

0534fcf0586b5fbaa45612ce8c3119d8
SHA1

d6452546a4854b6df88e7cf6818a9722c71ed982
SHA256

061f7b3f147a974d2b6a0170dbd3cda7314f1e92b8e553248b622c1f9dfd2b70
SHA512

d42a730506b17e7aae990fc2a907fc8c87fa42186a6cc7218385e509a10daa6229ac0ac4e1e476773ce73b50c6924e9f652f596e011dc960b8dc27e1ea4a76d1
SSDEEP

1536:iJPmAHnTcXKD0IhojSE9fkyIU6hq5vhaGbihPTMDIdCOgl8moNWZn2y5rkINQBEB:ipmKYXvRSmkxU6hQPRGgemFXkOEE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0534fcf0586b5fbaa45612ce8c3119d8

Files

0534fcf0586b5fbaa45612ce8c3119d8
.exe windows:5 windows x86 arch:x86

5d1e4a91d432c9eb6d69554b27071678

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

CStdStubBuffer_Disconnect
RpcServerUseProtseqEpW
RpcStringFreeA
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
UuidFromStringW
NdrClientCall2
CStdStubBuffer_Connect
RpcStringFreeW
NdrOleFree
UuidToStringA
RpcBindingVectorFree
CStdStubBuffer_CountRefs
RpcImpersonateClient
CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer_Release
RpcBindingSetAuthInfoExW
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrOleAllocate
RpcServerUnregisterIf
RpcStringBindingComposeW
CStdStubBuffer_AddRef
RpcServerRegisterAuthInfoW
CStdStubBuffer_QueryInterface
RpcEpResolveBinding
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW

kernel32

InterlockedIncrement
CreateFileW
GlobalFree
GetStartupInfoA
FormatMessageA
GetFullPathNameW
VirtualAlloc
IsBadWritePtr
SystemTimeToFileTime
CreateDirectoryA
FindClose
GetProcAddress
GetStringTypeA
GetWindowsDirectoryA
OutputDebugStringA
DisableThreadLibraryCalls
lstrcpynW
GetSystemDirectoryA
ExitProcess
CreateProcessW
lstrcmpA
FileTimeToSystemTime

oleaut32

SafeArrayCreate
SafeArrayGetUBound
VariantCopyInd
VariantChangeType
VariantInit
CreateErrorInfo
SafeArrayPtrOfIndex
VariantClear
SafeArrayPutElement
VariantCopy
LoadTypeLib
SysAllocStringByteLen
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SafeArrayUnaccessData
GetActiveObject
OleLoadPicture
RegisterTypeLib
SafeArrayGetLBound
GetErrorInfo
SafeArrayAccessData
SysStringLen
SysStringByteLen

ole32

OleSaveToStream
CreateBindCtx
MkParseDisplayName
CoRevertToSelf
CoInitializeEx
CLSIDFromProgID
OleInitialize
WriteClassStm
PropVariantClear
CoGetMalloc
StringFromCLSID
OleRegEnumVerbs
StgIsStorageFile
CoCreateInstance
StgCreateDocfile
CoReleaseMarshalData
CoRegisterClassObject
ProgIDFromCLSID
OleLoadFromStream
CoCreateFreeThreadedMarshaler
StringFromIID
OleRun
CoSetProxyBlanket
CoTaskMemFree
CoGetInterfaceAndReleaseStream
StringFromGUID2
CoFreeUnusedLibraries

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5d1e4a91d432c9eb6d69554b27071678

Headers

File Characteristics

Imports

rpcrt4

kernel32

oleaut32

ole32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 63KB - Virtual size: 124KB

.idata Size: 6KB - Virtual size: 5KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 63KB - Virtual size: 124KB

.idata
Size: 6KB - Virtual size: 5KB