005a0ef9a2e600089891188f78271af3

Sharing

Copy URL

Twitter E-mail

General

Target

005a0ef9a2e600089891188f78271af3
Size

324KB
MD5

005a0ef9a2e600089891188f78271af3
SHA1

2df4092ca9d1bf67b520314a4a0843068d2420fd
SHA256

ca8c8882bd8150b40266d159a4e6760b7b306ee2eb9376bbff9ca5092293f3a3
SHA512

85ab5b35dec8ea37bae04204f1fe6c9155532016a733875b5bc5db8df04a8cb40b20a44d4b9988a2e5935fcee8a8f5f80d0d0722384218fe90b8b5f945e92a2f
SSDEEP

6144:zr4EptEDgJBW6eZ1Y78WyMNLft+jXUUWAfVB5E2ul/rBee2NZD:zknDaBx/8WVIjkUd/q2U/rAe2NZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
005a0ef9a2e600089891188f78271af3

Files

005a0ef9a2e600089891188f78271af3
.exe windows:5 windows x86 arch:x86

a353f4aa985779a7906d8566fdf0a23f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

kernel32

TerminateProcess
GetTickCount
InterlockedExchange
GetShortPathNameW
InterlockedIncrement
MulDiv
GetFileAttributesW
GetProfileStringW
LocalFree
SetErrorMode
WideCharToMultiByte
FreeResource
FormatMessageW
LoadResource
TlsGetValue
GetModuleHandleA
GlobalFree
TlsAlloc
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
TlsFree
CreateFileW
SizeofResource
SetCurrentDirectoryW
FindFirstFileW
DeleteCriticalSection
GetACP
SetEvent
CreateThread
FindClose
TlsSetValue
LocalAlloc
lstrcmpiW
lstrcmpW
FindResourceExW
GlobalReAlloc
GetTempFileNameW
LeaveCriticalSection
ResetEvent
LocalReAlloc
InterlockedDecrement
QueryPerformanceCounter
WaitForSingleObject
DelayLoadFailureHook
FreeLibrary
FindNextFileW
lstrcpyW
GetDriveTypeW
InterlockedCompareExchange
FindResourceW
MultiByteToWideChar
DeleteFileW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetModuleHandleW
GetProcessVersion
GetCurrentThreadId
lstrcpyA
GetLastError
LoadLibraryA
GetFullPathNameW
GetVersionExA
LocalSize
GetLocaleInfoW
lstrlenW
FindResourceA
GetSystemDefaultUILanguage
GlobalLock
GetCurrentDirectoryW
SetLastError
FreeLibraryAndExitThread
GlobalUnlock
GetModuleFileNameW
LoadLibraryW
lstrlenA
LockResource
CreateEventW
lstrcpynW
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GlobalAlloc
GetProcAddress
UnhandledExceptionFilter
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID

ntdll

RtlUnwind
RtlIsNameLegalDOS8Dot3
NtAllocateVirtualMemory
strlen
RtlUnicodeToMultiByteSize
wcslen
_vsnwprintf
RtlInitUnicodeStringEx
_wcsicmp
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
_chkstk

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

mswsock

AcceptEx
GetAcceptExSockaddrs

userenv

RsopSetPolicySettingStatus

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 227KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a353f4aa985779a7906d8566fdf0a23f

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

kernel32

ntdll

ole32

mswsock

userenv

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 227KB - Virtual size: 1.4MB

.rdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 70KB - Virtual size: 69KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 227KB - Virtual size: 1.4MB

.rdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 70KB - Virtual size: 69KB

.tls
Size: 512B - Virtual size: 4KB