Static task: static1
Behavioral task: behavioral1
  Sample: 526fab16135cfd3f14d21040307df5ec.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 526fab16135cfd3f14d21040307df5ec.exe
  Resource: win10v2004-20231215-en
General
Target: 526fab16135cfd3f14d21040307df5ec
Size: 119KB
MD5: 526fab16135cfd3f14d21040307df5ec
SHA1: 584199e6b5c09555710d6c5a92f2b5d3626b6b70
SHA256: 9f8d58e0700cbdfb5c03c17b4a469540d4548fa0827fa8e4651c213affe332e6
SHA512: d63993ec70bc318a0503cb0063f8f66c91b984cbc1bbe118333a5e8a13fcddda1ccb99c20423039c1ff25cfda98193c87cc8c69b7e0e7da9976663adb84ee823
SSDEEP: 3072:ihEAEnGlZt4J6/Cr2SJlCyXQv+wWeveLHCc5yjFvsBc:iLTtO6/42SJdQhWxApE
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 526fab16135cfd3f14d21040307df5ec
Files
526fab16135cfd3f14d21040307df5ec.exe  windows:4 windows x86 arch:x86
  281c4e8337268adf1e2b21a25dd08d95
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoInitializeEx
StringFromGUID2
StringFromCLSID
CLSIDFromProgID
OleInitialize
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoSetProxyBlanket
CoUninitialize
CoGetClassObject
OleUninitialize
CreateStreamOnHGlobal
OleLockRunning
CoAllowSetForegroundWindow
CoTaskMemFree
CoInitializeSecurity
CoCreateGuid
wtsapi32
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
LocalAlloc
LockResource
GetVersionExW
HeapAlloc
VirtualAlloc
LoadLibraryExW
ProcessIdToSessionId
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
HeapSetInformation
GetCurrentProcess
InitializeCriticalSection
GetProcAddress
LoadLibraryA
GetProcessHeap
GetSystemDirectoryW
EnterCriticalSection
GetACP
GlobalHandle
FindResourceW
HeapSize
GetProcessVersion
GetComputerNameW
InterlockedCompareExchange
GetTickCount
GetProcessId
CreateThread
HeapFree
ReleaseMutex
MultiByteToWideChar
HeapDestroy
lstrlenW
FlushInstructionCache
Sleep
CloseHandle
lstrcmpW
SetEvent
VirtualFree
QueryPerformanceCounter
GetCurrentThreadId
LoadResource
CreateFileW
GetSystemInfo
WaitForSingleObject
FreeLibrary
CreateEventW
UnhandledExceptionFilter
ExitProcess
LCMapStringW
SetUnhandledExceptionFilter
OpenProcess
MulDiv
ResetEvent
GlobalAlloc
GetLocaleInfoA
WaitForMultipleObjects
RaiseException
LoadLibraryW
TerminateProcess
FormatMessageW
lstrlenA
InterlockedExchange
InterlockedIncrement
GetLocaleInfoW
VirtualLock
VirtualUnlock
GetSystemTimeAsFileTime
GetThreadLocale
HeapReAlloc
GetVersionExA
SetLastError
LeaveCriticalSection
WideCharToMultiByte
FindResourceExW
CreateMutexW
LocalFree
GlobalLock
GlobalFree
IsProcessorFeaturePresent
GlobalUnlock
GetTempPathW
GetLastError
IsDebuggerPresent
SizeofResource
InterlockedDecrement
GetModuleHandleW
ddraw
DirectDrawCreate
DirectDrawEnumerateA
DirectDrawCreateEx
shell32
SHAppBarMessage
FindExecutableW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
crypt32
CryptUnprotectData
CryptProtectData
netapi32
NetApiBufferFree
NetUserAdd
NetUserEnum
NetUserGetLocalGroups
NetWkstaUserGetInfo
NetUserDel
NetLocalGroupAddMembers
NetGetJoinInformation
secur32
GetUserNameExW
shlwapi
UrlGetPartW
UrlApplySchemeW
UrlCombineW
UrlCanonicalizeW
PathCombineW
PathAppendW
gdiplus
GdipFree
GdipDisposeImage
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromFile
GdipCloneImage
GdipCreateBitmapFromFileICM
gdi32
GetDeviceCaps
CreateCompatibleDC
GetStockObject
DeleteObject
CreateSolidBrush
DeleteDC
SelectObject
BitBlt
CreateCompatibleBitmap
GetObjectW
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ