539e949cd8517b0c9238582338fa23ad

Sharing

Copy URL Twitter E-mail

General

Target

539e949cd8517b0c9238582338fa23ad
Size

2.1MB
MD5

539e949cd8517b0c9238582338fa23ad
SHA1

d569d68c9c9288ee1c292d71dbbb6c6932fc8d15
SHA256

1551df0ef827acc697907b1d4af7f22634a8483afbf198ae68d5041fbcc35216
SHA512

d781db23099ccd693bfb41a5228821021dbc128ba352724eb07bf56b39c5880634fc664aebbc4a1b1cdc1568ab19cc58b69166be675b0868f7549a7b58605a6d
SSDEEP

49152:I/EyRkY3Q0Ehwj4uAvlzx5s3HxelCc69AtQLI:mnA0V4uAvR6RqR69AtQLI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
539e949cd8517b0c9238582338fa23ad

Files

539e949cd8517b0c9238582338fa23ad
.exe windows:5 windows x86 arch:x86

a0ece386b61aeaeb3e483cc0a88d6cf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
LoadLibraryA
GetSystemInfo
HeapAlloc
GetProcessHeap
TlsGetValue
HeapFree
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
Sleep
RaiseException
LoadResource
LockResource
SizeofResource
FindResourceW
CloseHandle
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
GetVersionExW
FreeLibrary
ReadProcessMemory
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
ExitProcess
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FreeResource
GetProcAddress
HeapSize
GetLocaleInfoA
GetLastError
HeapReAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsFree
SetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA
SetWindowsHookExW
MessageBoxA
GetSystemMetrics
IsCharAlphaNumericW
SetCursor
LoadCursorW
GetDesktopWindow
MessageBoxW
EnumThreadWindows
ShowWindow

comctl32

InitCommonControlsEx

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0ece386b61aeaeb3e483cc0a88d6cf6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

wininet

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1.8MB - Virtual size: 11.9MB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1.8MB - Virtual size: 11.9MB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 39KB - Virtual size: 39KB