05b37c053e9660ea2c61e40482c960ad

Sharing

Copy URL

Twitter E-mail

General

Target

05b37c053e9660ea2c61e40482c960ad
Size

276KB
MD5

05b37c053e9660ea2c61e40482c960ad
SHA1

9f352efc6ebb197cc8cd52ad95059a81291ca2dc
SHA256

7c99ae3aa2a496cb0ac34ed82da2516043f250a25da3cf60592bcd64d43f6b8e
SHA512

2f5b7f22a7e04b1bd5c273a50bd13920a73d62f1e62b65e25a6297a9e36f464725fcd6c5ef079854d9ec92f8ad25355963279efa943c3587b0f526a78db199c8
SSDEEP

6144:TPEcwoMcCpkWEvi6D0nAHcMkt5/wBEh2e6CxpiQR:Tz71i/Evi6onSk7wOTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05b37c053e9660ea2c61e40482c960ad

Files

05b37c053e9660ea2c61e40482c960ad
.exe windows:2 windows x86 arch:x86

547951e6f08a68e171cb3aed57b23a10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

OpenProcessToken
RegCreateKeyW
RegCreateKeyExW
CopySid
SetSecurityDescriptorOwner

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW

atl

ord32
ord30
ord57
ord58
ord16
ord43
ord18
ord44

gdi32

CreateCompatibleDC

user32

DestroyWindow
ClientToScreen
SendInput
IsWindow
LoadImageW
GetWindowLongW
CreateWindowExW
UnregisterDeviceNotification
GetThreadDesktop
OpenInputDesktop
UpdateLayeredWindow
GetMessageW
GetSysColorBrush
SetThreadDesktop
DestroyIcon
PtInRect
EnumDisplaySettingsW
SetWindowsHookExW
SetCursorPos
CallNextHookEx
GetDesktopWindow
GetSysColor
CallWindowProcW
GetDoubleClickTime
SystemParametersInfoW
MonitorFromWindow
EqualRect
DrawIconEx
UnhookWindowsHookEx
InflateRect

hid

HidD_FreePreparsedData
HidP_GetUsages
HidP_GetSpecificButtonCaps

kernel32

MapViewOfFile
GetProcAddress
DuplicateHandle
CloseHandle
CreateEventW
VirtualAlloc
GlobalDeleteAtom
CompareStringW
CreateFileMappingW
SetThreadPriority
InterlockedIncrement
DeleteCriticalSection
GetCommandLineW
HeapAlloc
OpenEventW
GetOverlappedResult
SetPriorityClass
QueryPerformanceFrequency
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
ReleaseMutex
CancelWaitableTimer
lstrcpyW
VerifyVersionInfoW
GetCurrentThread
SetWaitableTimer
GetProcessHeap
CancelIo
GetModuleHandleA
OpenProcess
UnmapViewOfFile
SetPriorityClass
GlobalAddAtomW
VirtualFree
FlushInstructionCache
CreateWaitableTimerW
GetProcessWorkingSetSize
WaitForMultipleObjectsEx

ole32

CoCreateInstance
CoTaskMemAlloc
CoUninitialize

msvcrt

fputws
__CxxFrameHandler
__p__fmode
?terminate@@YAXXZ
__dllonexit
_initterm
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
_CxxThrowException
swscanf
_onexit
__wgetmainargs
__set_app_type
free
_cexit
wcslen

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

547951e6f08a68e171cb3aed57b23a10

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

setupapi

atl

gdi32

user32

hid

kernel32

ole32

msvcrt

Sections

.text Size: 167KB - Virtual size: 167KB

.data Size: 74KB - Virtual size: 74KB

.rsrc Size: 33KB - Virtual size: 552KB

.text
Size: 167KB - Virtual size: 167KB

.data
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 33KB - Virtual size: 552KB