0557c0428db74038efe25fdd8ad406a0

Sharing

Copy URL Twitter E-mail

General

Target

0557c0428db74038efe25fdd8ad406a0
Size

84KB
MD5

0557c0428db74038efe25fdd8ad406a0
SHA1

93c1afce34fbe73d0c57d9544a0641f8175e6951
SHA256

e7b0959949688160cc7d0296479b3c605d6c470aa2207c1388aeec1b33a465f6
SHA512

f34ca6ac3d178737a1e70d995e92b4310a7cb1ffcb33718913976619dda8b9f597e27ae40addb9cdc75088a59c586d4450ba1001c192dc7a21981d9af2a82dca
SSDEEP

1536:ciVzRwN+B7LERcDAW21GHqpFvWZjg3mEIxmjA4aW8f0/w90X:ciVzRw4B7LHDAW21GH0Og3mEnVyOw92

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0557c0428db74038efe25fdd8ad406a0

Files

0557c0428db74038efe25fdd8ad406a0
.exe windows:4 windows x86 arch:x86

6aa08615fe8ef4558a4249e3b18ad677

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
FindNextFileA
FindFirstFileA
GetPrivateProfileIntA
GetCurrentProcessId
SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
OpenEventA
WaitForSingleObject
TerminateThread
CreateThread
WaitForMultipleObjects
CreateEventA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
SetEvent
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
ResumeThread
GetEnvironmentVariableA
DuplicateHandle
GetCurrentThread
GetCurrentProcess
ReadFile
GetFileSize
GetModuleHandleA
GetSystemDirectoryA
CopyFileA
lstrlenA
FreeLibrary
GetModuleFileNameA
lstrcpyA
LoadLibraryA
GetLastError
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetTickCount
Sleep
GetTempPathA
GetSystemTime
CreateFileA
GetCurrentThreadId
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringA
SetLastError
GetStartupInfoA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcmpA
lstrcpynA
SearchPathA
GetFileAttributesA
GetShortPathNameA
DeviceIoControl
CreateMutexA
ReleaseMutex
GetProcessHeap
HeapAlloc
HeapFree
QueryPerformanceCounter
GetVersionExA

advapi32

InitializeAcl
LookupPrivilegeValueA
AdjustTokenPrivileges
FreeSid
CopySid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
ControlService
GetTokenInformation
OpenSCManagerA
OpenServiceA
CreateServiceA
ChangeServiceConfigA
CloseServiceHandle
StartServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

ole32

CreateStreamOnHGlobal

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
memcpy
memcmp
malloc
strncpy
_snprintf
free
fopen
fprintf
fclose
fwrite
atoi
_fullpath
printf
__CxxFrameHandler
strrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbsrchr
_vsnprintf
sprintf
_except_handler3
strchr
_unlink

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

user32

wsprintfA
CharToOemA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhqg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aa08615fe8ef4558a4249e3b18ad677

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msvcrt

msvcp60

user32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 21KB

.hhqg Size: 4KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 21KB

.hhqg
Size: 4KB - Virtual size: 4KB