57721253c589324b1a6481d51d28467f

Sharing

Copy URL Twitter E-mail

General

Target

57721253c589324b1a6481d51d28467f
Size

49KB
MD5

57721253c589324b1a6481d51d28467f
SHA1

502f8eaa65a944fece2ceb91c9eb897affbc8b3f
SHA256

18c851630e9237597f670e2456c4ced738616cbd507cfd7004cea08a2432cd13
SHA512

24f16ffa15558212a56a659d3ebe5f8d2c6f2da1b49bbd65c721ffffc1cd080b9f66b3070d51e4cfa262a7370ba8da130d8579a3d17b6aa5c5d62126e2cd1318
SSDEEP

768:4l+V6/cE/9oaDt8n9vk6KYt3uaoN5kxyjIAWgI8L/oe6sbzcwHrtnLEpM3:4cRE/9ft8n9vHTIFnIg6HwHBg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57721253c589324b1a6481d51d28467f

Files

57721253c589324b1a6481d51d28467f
.exe windows:5 windows x86 arch:x86

3d1f5b5495b37dc5650332d6ffe9f115

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

resutils

ResUtilTerminateServiceProcessFromResDll
ResUtilGetProperty
ResUtilGetPropertiesToParameterBlock
ResUtilVerifyPrivatePropertyList
ResUtilSetResourceServiceEnvironment
ResUtilGetEnvironmentWithNetName
ResUtilFindDwordProperty
ResUtilDupString
ResUtilGetResourceDependency
ResUtilGetProperties
ResUtilSetExpandSzValue
ResUtilIsPathValid
ResUtilGetDwordProperty
ResUtilSetUnknownProperties
ResUtilStopService
ResUtilAddUnknownProperties
ResUtilGetSzValue
ResUtilEnumResources
ResUtilGetResourceDependentIPAddressProps
ResUtilVerifyService
ResUtilVerifyResourceService
ResUtilSetPropertyTable
ResUtilGetResourceNameDependency
ResUtilGetResourceName

hhsetup

??4CFIFOString@@QAEAAV0@ABV0@@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?GetRefTitleCount@CCollection@@QAEKXZ
?SetOrder@CFolder@@QAEXK@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?Release@CCollection@@AAEKXZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
??4CLocation@@QAEAAV0@ABV0@@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetVersion@CCollection@@QAEKXZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?GetTitle@CLocation@@QAEPADXZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
??1CFIFOString@@QAE@XZ
??0CCollection@@QAE@XZ
?SetTitle@CFolder@@QAEXPBG@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?Open@CCollection@@QAEKPBD@Z
?Dirty@CCollection@@QAEXXZ
?ParseFile@CCollection@@AAEKPBD@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ

psbase

FPasswordChangeNotify
SPOpenItem
SPProviderInitialize
SPEnumTypes
SPEnumItems
SPSetProvParam
SPGetProvParam
SPCreateType
SPWriteItem
SPAcquireContext
SPEnumSubtypes
SPGetTypeInfo
SPGetProvInfo
SPReleaseContext
SPCloseItem
SPCreateSubtype
SPDeleteSubtype
SPGetSubtypeInfo
SPDeleteType
SPDeleteItem
SPReadItem

kernel32

Heap32ListNext
GetLocaleInfoA
Beep
GetFileSizeEx
GetCurrentProcessId
ClearCommBreak
SetLocalPrimaryComputerNameA
GetModuleHandleW
GlobalCompact
UpdateResourceW
LoadLibraryW
SleepEx
WaitNamedPipeA
RtlMoveMemory
EnumDateFormatsExA
OpenSemaphoreA
TerminateThread
GetProfileStringA
GetLocaleInfoW
GetConsoleAliasExesA
GlobalFree
ResetEvent
WTSGetActiveConsoleSessionId
GetConsoleScreenBufferInfo
GlobalMemoryStatusEx
GetVolumePathNameW
GetCommandLineW
FindActCtxSectionStringA
GlobalGetAtomNameA
GetCurrentThread
GetAtomNameA
GetVDMCurrentDirectories
GetCurrentConsoleFont
FoldStringW
FreeResource
SetCommConfig
HeapSetInformation
GetFileAttributesA
ProcessIdToSessionId
FindFirstVolumeMountPointA

dbghelp

SymGetSymFromAddr
SymEnumSymbols
lmi
EnumerateLoadedModules
ImagehlpApiVersionEx
SymEnumSourceFiles
FindFileInSearchPath
SymGetSymNext
SymCleanup
srcfiles
SymGetSymFromName64
omap
SymGetSymPrev64
SymGetSymFromName
EnumerateLoadedModules64
SymRegisterCallback64
MakeSureDirectoryPathExists
SymGetTypeInfo
SymSetOptions
SymInitialize
SymEnumerateSymbols
SymGetLineFromName
SymEnumTypes

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d1f5b5495b37dc5650332d6ffe9f115

Headers

DLL Characteristics

File Characteristics

Imports

resutils

hhsetup

psbase

kernel32

dbghelp

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 7KB