53ac58963b966b47f7b91dd9db21b2d8

Sharing

Copy URL Twitter E-mail

General

Target

53ac58963b966b47f7b91dd9db21b2d8
Size

61KB
MD5

53ac58963b966b47f7b91dd9db21b2d8
SHA1

584bccd31c8c1a09cd50043bb9809900a3537713
SHA256

d48b02a1ad7746a79ba4bc44f0ebfe6b01df5c14e46144c8616185123cdbea05
SHA512

d936476a6f685497843df925dff079d05c8cb1a769e7d16bd3e540dc3ba0a2bddf1f5d631d7a35fb8b290b495e12c2f0e30e20ddab51cf060b30618e64d896b7
SSDEEP

768:9b+xQkQ5EijgxBNAaRs7QtmDlUeQtHc15wvWYNb6VEPUG7bmiupeFSzS/3h:NWljxjAfQtmDlxQtKuhq7+miuoUS/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53ac58963b966b47f7b91dd9db21b2d8

Files

53ac58963b966b47f7b91dd9db21b2d8
.dll windows:4 windows x86 arch:x86

c26c31134f946112a890c1a69cb8f7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateFileA
WaitForSingleObject
CreateEventA
SleepEx
PulseEvent
WriteFile
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetFileSize
ExitProcess
FreeLibraryAndExitThread
VirtualFree
VirtualAlloc
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
VirtualQuery
GetSystemInfo
Thread32Next
Thread32First
QueryDosDeviceA
GetVersionExA
FindNextFileA
FindFirstFileA
ReadFile
CreatePipe
GetLastError
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateThread
ReleaseMutex
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
VirtualProtect
CloseHandle

user32

SetWindowsHookExA
UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
EnumDesktopWindows
CallNextHookEx
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows
IsWindow

gdi32

DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantClear

msvcp60

?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

ws2_32

WSACleanup
closesocket
setsockopt

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

atol
printf
_except_handler3
__dllonexit
_onexit
_initterm
_adjust_fdiv
fwrite
_memicmp
malloc
wcscmp
free
_mbscmp
_mbsstr
_mbsupr
fflush
strstr
_ltoa
abs
_mbslwr
_wcsicmp
fopen
fgets
fclose
_snprintf
_ismbcprint
memcmp
strncpy
memset
_purecall
clock
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler
strcat
strcpy
sprintf
??2@YAPAXI@Z
memcpy

gdiplus

GdipDisposeImage
GdipFree
GdipCloneImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipAlloc

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

shell32

SHGetFolderPathA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY
_RunAs@0

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c26c31134f946112a890c1a69cb8f7be

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

ws2_32

psapi

shlwapi

msvcrt

gdiplus

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 57KB - Virtual size: 57KB

.reloc
Size: 3KB - Virtual size: 2KB