535391edfcc2d6baeda5563aef31a6f5

Sharing

Copy URL Twitter E-mail

General

Target

535391edfcc2d6baeda5563aef31a6f5
Size

176KB
MD5

535391edfcc2d6baeda5563aef31a6f5
SHA1

74bfb84abf18c749d9812f91a91873625439b2f6
SHA256

4ec9ebc12c88457cde77749fc12ad63c1fd209aafa6a17dc50356305122e32ae
SHA512

65e6d93c372b453dc1deb9d5f660abc63713b569f19fc8c42ef98008552921cfd50d847c2886030eb3e83e2383ca455a3cb4d83c9383ccc3c8c246b5392e5b23
SSDEEP

3072:u/E2jHfBJ41KZe75QZQbpkirLauxyxPS5djYQ/MVCCk63DOsVvajfa/AkT8Dr12T:u82jf81KZe75QZQbpkirLauxyxPS5djt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
535391edfcc2d6baeda5563aef31a6f5

Files

535391edfcc2d6baeda5563aef31a6f5
.exe windows:4 windows x86 arch:x86

f330bc70c8c6d5f3f4c8565489a8bc0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetShortPathNameA
MoveFileExA
LocalAlloc
GetCurrentThread
FreeLibrary
SetFilePointer
SetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
TerminateProcess
OpenProcess
MultiByteToWideChar
DeviceIoControl
GetCurrentThreadId
SetEndOfFile
GetCurrentProcessId
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
CopyFileA
Sleep
FindFirstFileA
SetLastError
FindNextFileA
FindClose
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
WinExec
GetVersionExA
OpenFile
_lclose
SetFileAttributesA
DeleteFileA
GetFullPathNameA
SetCurrentDirectoryA
GetLastError
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetUserDefaultLangID
GetModuleFileNameA
GetComputerNameA
GetPrivateProfileStringA
GetStartupInfoA

user32

LoadStringA
ExitWindowsEx
wsprintfA
GetWindowInfo
SendMessageA
GetSystemMetrics
GetClientRect
SetDlgItemTextA
MessageBoxA
EnableWindow
EndDialog
IsDlgButtonChecked
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
DialogBoxParamA
GetWindowThreadProcessId
EnumWindows
GetDlgItem

advapi32

AddAccessAllowedAce
FreeSid
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
RegQueryValueExA
RegEnumValueA
RevertToSelf

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA
SetupDiRegisterDeviceInfo
SetupDiGetINFClassA
SetupDiClassGuidsFromNameA
SetupDiGetDeviceInstanceIdA
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDiCreateDeviceInfoA

comctl32

ord17

shlwapi

PathIsDirectoryA

msvcrt

_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
_mbstok
_itoa
_except_handler3
strstr
strchr
memmove
strtoul
_mbscmp
_mbsnbcmp
_mbsnbicmp
_strdup
free
__CxxFrameHandler
atoi
fopen
fclose
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
vsprintf
fgetc
_mbsnbcpy
sscanf
fprintf
_mbsstr
toupper
_mbsrchr
_mbscspn
_mbschr
??3@YAXPAX@Z
??2@YAPAXI@Z
_mbsicmp
sprintf
exit
getenv
__getmainargs

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xagiqsb
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f330bc70c8c6d5f3f4c8565489a8bc0a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

setupapi

comctl32

shlwapi

msvcrt

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 116KB - Virtual size: 144KB

xagiqsb Size: 4KB - Virtual size: 96KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 116KB - Virtual size: 144KB

xagiqsb
Size: 4KB - Virtual size: 96KB