35d5cc85535d2d7ec30e7ee9a50f6773

Sharing

Copy URL

Twitter E-mail

General

Target

35d5cc85535d2d7ec30e7ee9a50f6773
Size

1.2MB
MD5

35d5cc85535d2d7ec30e7ee9a50f6773
SHA1

f2e066226ed8c44bff233606f52f9dd38042d162
SHA256

73e6957c766d31494578c92fcf1fe396954fa4056a0c281297955f666a539023
SHA512

6bae8fe3f2ae86ed29f7403348ce74a9a0fbfbf94ec5959a8857eae086aba5d349fa5fab39365cda3f5c8d3e957d884f481bcf80b6366d3bed266d81c6d5562a
SSDEEP

24576:8Qj3iYYUfYwk0/XYEGFzU1G03D0uGdEL0Jgj1i:p3f1wMu41GxdEEgh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35d5cc85535d2d7ec30e7ee9a50f6773

Files

35d5cc85535d2d7ec30e7ee9a50f6773
.exe windows:3 windows x86 arch:x86

5c9421c2e3eaee4d7236236374920c39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

syssetup

AsrRestorePlugPlayRegistryData
AsrFreeContext

msvcrt

_wcsdup
__p__commode
__CxxFrameHandler
_controlfp
_putenv
mktime
wcschr
_cexit
wcslen
_ftol
_purecall
wcsncmp
_wcsupr
localtime
_getpid
__set_app_type
memmove
_exit
_c_exit
_tzset
isspace
wcsncpy
_wcsicmp
malloc
_mbscpy
fread
wcspbrk
wcsncat
fflush
_open_osfhandle
__p__fmode
_wtoi
_adjust_fdiv
_vsnwprintf
_fdopen
swscanf
_errno
_filelength
_wfopen
fwrite
wcsstr
wcscmp
fclose
realloc
time
free
calloc

setupapi

SetupCloseInfFile
SetupGetIntField
SetupFindNextLine

advapi32

InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenProcessToken
QueryServiceStatus
RegQueryValueExA
RegOpenKeyExA
DeleteAce
ReadEncryptedFileRaw
CheckTokenMembership
CloseServiceHandle
WriteEncryptedFileRaw
GetTokenInformation
CloseEncryptedFileRaw

gdi32

Polygon
SelectObject
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
DeleteObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

ntdll

_aulldvrm
iswctype
wcscspn
NtSetQuotaInformationFile
isdigit

comctl32

ImageList_GetImageCount
ImageList_GetIcon
DestroyPropertySheetPage

ole32

CLSIDFromString
CoInitializeSecurity
CoInitializeEx

kernel32

SetLastError
SetTapePosition
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetProcAddress
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetEndOfFile
CreateThread
GetFileSize
SetEvent
GetSystemTime
WriteTapemark
LocalFree
OpenMutexA
GetVersion
GetTapeStatus
SetTapeParameters
HeapFree
TerminateProcess
FlushFileBuffers
GetProcessHeap
GetCurrentDirectoryA
CreateMutexA
SetErrorMode
ReleaseSemaphore
GetLocalTime
GetTimeZoneInformation
VirtualAlloc
ExitThread
LoadLibraryA
DeviceIoControl
TerminateThread
LocalFileTimeToFileTime
LockFile
InitializeCriticalSection
Sleep
VerSetConditionMask
FindClose
GetTapePosition
GetFileInformationByHandle
GetModuleHandleA
BackupSeek
ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
BackupWrite
SetFileTime
GetProcessHeaps
WaitForSingleObject
ReadFile
SetFilePointer
BackupRead
FreeLibrary
MultiByteToWideChar
LeaveCriticalSection
GetLastError
HeapCreate
EraseTape

user32

MapDialogRect
GetCursorPos
GetIconInfo
CreateWindowExA
SetTimer
GetWindowRect
SetParent
CreateIconIndirect
TranslateMessage
LockSetForegroundWindow
BringWindowToTop
ShowWindow
ExitWindowsEx
ScreenToClient
ClientToScreen
InflateRect
FlashWindow
RegisterClassExA
GetDlgItem
DispatchMessageA
DefWindowProcA
DestroyIcon
DrawFocusRect
WindowFromPoint
GetMenuItemCount
ChildWindowFromPoint
EnableMenuItem
SetCursor
SetActiveWindow
SendMessageA
GetSysColor
GetCapture
GetParent
ReleaseDC
RemoveMenu
IsWindowVisible
EnableWindow
IsIconic
SetWindowPos
DestroyWindow
GetClientRect
GetMessageA
UnhookWindowsHookEx
CopyRect
UpdateWindow
GetDesktopWindow
GetWindowThreadProcessId
IsWindow
GetKeyState
GetSystemMetrics
MonitorFromWindow
KillTimer
CallNextHookEx

netapi32

NetServerEnum
NetApiBufferSize

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c9421c2e3eaee4d7236236374920c39

Headers

DLL Characteristics

File Characteristics

Imports

syssetup

msvcrt

setupapi

advapi32

gdi32

shell32

ntdll

comctl32

ole32

kernel32

user32

netapi32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 42KB - Virtual size: 42KB

.rsrc Size: 86KB - Virtual size: 3.1MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 86KB - Virtual size: 3.1MB