052858ceceedbe5d69af52b4760d2db0

Sharing

Copy URL

Twitter E-mail

General

Target

052858ceceedbe5d69af52b4760d2db0
Size

208KB
MD5

052858ceceedbe5d69af52b4760d2db0
SHA1

e9263e8ffb818861deb7dc1078d28ff81bda8a72
SHA256

9244ad65d74d0121ec2347bada7ab550f52f9a55596e048b9cf41395462e06fa
SHA512

df0f7acb4775f2b75cfe21a185acedede43040144258fd4495555a8074957b26a5c06f78d8a9317b86908d505b19dcd15aa9f28f90dd0e56186226d946b283d2
SSDEEP

6144:nJFI7E7tTGCUHqxoc4WjUuM+p45jm/9e+tuI:nJq7GJGCUKxOFuM+p4lm/M+tu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
052858ceceedbe5d69af52b4760d2db0

Files

052858ceceedbe5d69af52b4760d2db0
.exe windows:4 windows x86 arch:x86

26026345020c7d29ccaf7e304e9c85bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymEnumerateSymbolsW64
SymUnloadModule
SymUnloadModule64
SymSetSearchPath
SymSetOptions
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymMatchString
SymMatchFileName
SymLoadModule
SymGetTypeInfo
EnumerateLoadedModules64
EnumerateLoadedModules
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
SearchTreeForFile
StackWalk
SymCleanup
SymEnumSymbols
SymEnumTypes
SymEnumerateSymbols64
UnmapDebugInformation
SymEnumerateSymbolsW
SymFunctionTableAccess
SymGetLineFromAddr
SymGetLineFromName64
SymGetLineFromName
SymGetLineNext64
SymGetLineNext
SymGetModuleInfo64
SymGetModuleInfo
SymGetModuleInfoW64
SymGetModuleInfoW
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromName64
SymGetSymFromName
SymGetSymPrev

imagehlp

UpdateDebugInfoFileEx
UnMapAndLoad
ReBaseImage
MapFileAndCheckSumA
MapAndLoad
ImageLoad
ImageGetDigestStream
BindImageEx

loadperf

LoadPerfCounterTextStringsA

kernel32

DeleteFileA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsBadWritePtr
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
GetProcAddress
ExitProcess
GetVersionExA
GetCommandLineA
GetModuleHandleA
CreateEventA
PulseEvent
GetEnvironmentVariableA
GetProfileStringW
VirtualAlloc
VirtualFree
ResetEvent
CopyFileA
CreateDirectoryA
HeapCreate
HeapAlloc
HeapFree
CreateFileA
GetLocalTime
HeapReAlloc
HeapValidate
LoadLibraryA
Sleep
CreateProcessA
CloseHandle
GetStartupInfoA
GetTickCount
SetEvent
WaitForSingleObject

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26026345020c7d29ccaf7e304e9c85bf

Headers

File Characteristics

Imports

dbghelp

imagehlp

loadperf

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 108KB - Virtual size: 104KB

.data Size: 48KB - Virtual size: 570KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 108KB - Virtual size: 104KB

.data
Size: 48KB - Virtual size: 570KB

.reloc
Size: 8KB - Virtual size: 6KB