45d1f24d5587b4f66d1d0f5c51306b2d

Sharing

Copy URL Twitter E-mail

General

Target

45d1f24d5587b4f66d1d0f5c51306b2d
Size

256KB
MD5

45d1f24d5587b4f66d1d0f5c51306b2d
SHA1

a1c94751b3d5be1d048bf089697d4fc9b0831158
SHA256

e15b642aad9335277b45834825f838df8969ac6b003467b41d5b94b85beeb8f4
SHA512

ff15e5d36e2423b5d3257696156658f072a9520117cf4bcedf02abeaf1ab406102f1b5312fd3e2f3bf74c22722ad8aacfd66a859382128281a328463efd28048
SSDEEP

3072:+PrzxwandoEACuw6sbc09NBRU6sZTuC1:grWaSHCDzbhRQTug

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45d1f24d5587b4f66d1d0f5c51306b2d

Files

45d1f24d5587b4f66d1d0f5c51306b2d
.exe windows:4 windows x86 arch:x86

3fed54fc4ef57d68f3c9529bc0b2b8e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
MoveFileA
ReadFile
VirtualAlloc
GetSystemDirectoryA
MultiByteToWideChar
GetVersionExA
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
DeleteFileA
Sleep
GetLastError
GetTickCount
ExitThread
CreateThread
CreateProcessA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetCurrentProcess
lstrcpynA
lstrcpyW
lstrcatW
GetWindowsDirectoryW
lstrcpynW
lstrlenW
MoveFileW
CreateFileW
DuplicateHandle
CreateToolhelp32Snapshot
GetSystemDirectoryW
GetProcAddress
LoadLibraryA
VirtualProtect
FlushInstructionCache
VirtualQuery
SetLastError
GetModuleHandleA
CreateRemoteThread
VirtualProtectEx
VirtualQueryEx
VirtualAllocEx
GetCurrentProcessId
GetModuleFileNameA
CopyFileA
FindClose
FindFirstFileA
ExitProcess
OpenMutexA
WideCharToMultiByte
GetLocalTime
WinExec
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateMutexA
HeapSize
QueryPerformanceCounter
GetCurrentThreadId
Process32First
Module32First
Module32Next
Process32Next
OpenProcess
WriteProcessMemory
lstrcmpiA
OutputDebugStringA
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
lstrcpyA
lstrcatA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
CompareStringW
lstrlenA
GetSystemTimeAsFileTime
RtlUnwind

user32

CharUpperA
CharUpperW
wsprintfW
wsprintfA
ExitWindowsEx
MessageBoxA

advapi32

RegOpenKeyExW
RegSetValueExW
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetUserNameW
RegOpenKeyExA
AllocateAndInitializeSid
LookupAccountSidW
FreeSid
RegOpenKeyA
RegQueryValueExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

netapi32

NetUserGetInfo
NetApiBufferFree
NetUserAdd
NetLocalGroupAddMembers

shlwapi

SHSetValueA
SHGetValueA
SHDeleteValueA

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetSetStatusCallback
HttpQueryInfoA
FindCloseUrlCache
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetQueryOptionA
InternetReadFile

ws2_32

bind
closesocket
setsockopt
socket
recv
WSAIoctl
connect
send
ioctlsocket
select
accept
listen
htons
inet_addr
WSASocketA
recvfrom
gethostbyaddr
WSAGetLastError
WSAStartup
gethostname
gethostbyname
inet_ntoa
__WSAFDIsSet

userenv

GetUserProfileDirectoryA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3fed54fc4ef57d68f3c9529bc0b2b8e5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

netapi32

shlwapi

wininet

ws2_32

userenv

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 139KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 139KB