5204ae0ea6071efe45dd10a4e8b26967

Sharing

Copy URL Twitter E-mail

General

Target

5204ae0ea6071efe45dd10a4e8b26967
Size

48KB
MD5

5204ae0ea6071efe45dd10a4e8b26967
SHA1

4b55fde7196b3d1ef0b82ad85b0b14249e66966e
SHA256

41f82c0bbe5d76582ba91bea95bf9b76b0e6d1851a0b0391a7eb94bc6e3b07aa
SHA512

a6af3fba6920b0dba0df63ad83ec65b767b76323a549a27bd3ca91f462bf6fabb8a003a46659083c32d766dc340bb11dcd8b8e0105cf8b40363876a9fed05bd9
SSDEEP

768:t1ZKff0E+4O6d974MxLS1VKGIE3VHbNfPBDJEN20SwHrvXrpMD3d:tzKUYO6z0wRUpNfRJ4hHrvXVUd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5204ae0ea6071efe45dd10a4e8b26967

Files

5204ae0ea6071efe45dd10a4e8b26967
.exe windows:5 windows x86 arch:x86

a58a4f16d4ba3173796460701afe614e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hhsetup

?RemoveAll@CPointerList@@QAEXXZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
?GetOrder@CFolder@@QAEKXZ
?SetOrder@CFolder@@QAEXK@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?Close@CCollection@@QAEKXZ
?AddRef@CCollection@@QAEXXZ
?RemoveAll@CFIFOString@@QAEXXZ
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?SetVersion@CCollection@@QAEXK@Z
??0CTitle@@QAE@XZ
?Open@CCollection@@QAEKPBD@Z
?GetLanguage@CFolder@@QAEGXZ
?GetSampleLocation@CCollection@@QAEPADXZ
?HandleCollection@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetLanguage@CTitle@@QAEXG@Z

kernel32

AllocConsole
ExitProcess
GetThreadTimes
CreateDirectoryExA
AddRefActCtx
VerifyVersionInfoA
LoadLibraryA
AddVectoredExceptionHandler
DnsHostnameToComputerNameA
VirtualQuery
Process32FirstW
Module32NextW
GetACP
WriteConsoleOutputCharacterW
IsValidLanguageGroup
GetConsoleNlsMode
AddConsoleAliasA
FindAtomA
OpenMutexW
GetConsoleMode
GetCurrentThread
OpenSemaphoreW
GenerateConsoleCtrlEvent
SetLocalPrimaryComputerNameW
RtlCaptureStackBackTrace
FileTimeToDosDateTime
SetConsoleOS2OemFormat
DelayLoadFailureHook
SetErrorMode
OutputDebugStringW
GetCompressedFileSizeW
BuildCommDCBA
RemoveDirectoryW
IsWow64Process
WriteConsoleInputVDMA
SleepEx
MoveFileWithProgressW
GetConsoleFontSize
EndUpdateResourceW
VirtualAlloc
DebugActiveProcess
lstrcmpiW
ReplaceFileW
BuildCommDCBAndTimeoutsA
GetAtomNameA
GetModuleHandleA
GetTempFileNameW
SetupComm
SetCalendarInfoW
SetThreadPriorityBoost
FreeLibraryAndExitThread
CreateJobObjectA
CreateProcessInternalA
GetTempPathA
CreateFileMappingA
AddAtomA

imagehlp

SymLoadModule
GetImageConfigInformation
SymGetModuleInfoW
StackWalk64
FindFileInSearchPath
SymRegisterCallback
RemovePrivateCvSymbolic
SymEnumerateModules
MapFileAndCheckSumA
SymEnumTypes
SymFromAddr
ImageGetDigestStream
SymGetLineFromAddr64
SymGetLineFromName
SymGetSearchPath
SymUnDName64
ReBaseImage64
EnumerateLoadedModules64
MapFileAndCheckSumW
ImageRemoveCertificate
SymGetSymFromAddr64
SymSetContext
ImageAddCertificate
SymGetSymNext64
SymGetModuleInfo64
RemovePrivateCvSymbolicEx
ImageRvaToVa

advapi32

CredGetTargetInfoW
RegUnLoadKeyW
SetServiceObjectSecurity
CredMarshalCredentialA
SetNamedSecurityInfoW
IsTextUnicode
ObjectCloseAuditAlarmW
IsTokenUntrusted
GetTraceEnableFlags
LogonUserA
OpenThreadToken
TraceEvent
StartTraceA
RegDeleteValueA
LsaGetSystemAccessAccount
SystemFunction040
GetAccessPermissionsForObjectW
GetFileSecurityW
TreeResetNamedSecurityInfoW
AddAce
LookupAccountNameA
WmiQuerySingleInstanceMultipleA
RegRestoreKeyA
SaferiIsExecutableFileType
MakeAbsoluteSD2
RegConnectRegistryW
I_ScSendTSMessage
AddUsersToEncryptedFile

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a58a4f16d4ba3173796460701afe614e

Headers

DLL Characteristics

File Characteristics

Imports

hhsetup

kernel32

imagehlp

advapi32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB