5473783f6508f1f3b16c7d993d5b328b

Sharing

Copy URL Twitter E-mail

General

Target

5473783f6508f1f3b16c7d993d5b328b
Size

2.5MB
MD5

5473783f6508f1f3b16c7d993d5b328b
SHA1

1679353ae57877216b95ce07f209890a0060882d
SHA256

4880871e6610e46fa946b4f919ced74b962259fdebc2f2bde063c32448b9d4ac
SHA512

117c82f177d43108512ade07b5d1d16d68460c30e7b56fb294582fb043e0f528405582da3c4985443a49a67f7d53649113a601319a48ee5c13ceea7e6cbb094a
SSDEEP

3072:kf529f529f529f529f529f529f529f529f529f529f529f529f529f529f529f5z:P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5473783f6508f1f3b16c7d993d5b328b

Files

5473783f6508f1f3b16c7d993d5b328b
.dll windows:4 windows x86 arch:x86

a14f6ce313e5f3d3af76a948b83b771b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
_beginthreadex
fseek
strncpy
fread
fclose
strchr
strcpy
atoi
strtok
strrchr
malloc
wcscmp
_stricmp
__CxxFrameHandler
abs
sprintf
strncmp
strcat
fopen
fgets
memcpy
strstr
strlen
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
_strrev

kernel32

GetCurrentProcessId
CreateMutexA
GetLastError
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
lstrlenA
CopyFileA
DeleteFileA
GetFileAttributesA
GetTempFileNameA
MoveFileExA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
CloseHandle
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetTempPathA
GetCommandLineA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
WriteFile
CreateFileA
GlobalLock
GlobalAlloc
VirtualProtect
GetModuleHandleA
ExitProcess
GetFileSize
Sleep
WaitForSingleObject
Process32Next
GetModuleFileNameA

user32

wsprintfA
GetDC
GetClientRect
GetClassNameA
GetWindowTextA
ReleaseDC
GetWindowRect
GetDesktopWindow
EnumWindows

ws2_32

socket
inet_addr
recv
connect
gethostbyname
send
closesocket
WSAStartup
htons
inet_ntoa
WSACleanup

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdipDisposeImage
GdipAlloc
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromFile
GdipSaveImageToFile
GdipCloneImage
GdipFree

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

dbghelp

SearchTreeForFile

Exports

Exports

FHard
Install
igwCheckUpdate
igwEndUpdate
igwGetModule
igwInit
igwInitExA
igwInitExW
igwInitialize
igwSupportA
igwSupportExA
igwSupportExW
igwSupportW
igwTerminal

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a14f6ce313e5f3d3af76a948b83b771b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

gdi32

gdiplus

urlmon

wininet

dbghelp

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB