55273854ba3432f1360af0413596a29a

Sharing

Copy URL Twitter E-mail

General

Target

55273854ba3432f1360af0413596a29a
Size

102KB
MD5

55273854ba3432f1360af0413596a29a
SHA1

b2f161c0e25f34d6351b21d1063cc08e1a0a34da
SHA256

c261fbe90225d6e56afcd0febdfeccfc3754d03017db2c937e2bb209f79cdbc0
SHA512

950f17986632dc9b0fdd3519c96f0d38494c78e77f7bdf19e7f15e9bef80125ae196ab5d258187b3aacaa306c70d6de24665a7e3b6b263e1a01be2662f86ea50
SSDEEP

1536:hXtLbfbjtDYWW3tBg0jonvqs0oSj14nlZ2i1JMZf/8QnRQAMv:BtLbjjZDWJonvqs0o9bHqTRDM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55273854ba3432f1360af0413596a29a

Files

55273854ba3432f1360af0413596a29a
.exe windows:4 windows x86 arch:x86

de77d576beb017d63b685d407231a990

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQuerySystemInformation
RtlAdjustPrivilege
NtDuplicateObject
NtQueryObject
strcmp
strncat
vsprintf
strncmp
wcscat
RtlInitUnicodeString
NtCreateMutant
wcslen
NtClose
atoi
_chkstk
wcscpy
strcat
strcpy
strncpy
strstr
_strlwr
_strupr
strlen
_strcmpi
sprintf
memset
isalnum
memcmp
_wcsnicmp
memcpy
_alloca_probe

msvcrt

??1type_info@@UAE@XZ
_lock
_errno
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
free
_itoa
malloc
rand
_unlock
_CxxThrowException
__dllonexit
_onexit

kernel32

DuplicateHandle
IsBadReadPtr
lstrlenA
SetFilePointer
SystemTimeToFileTime
GetSystemTime
SetSystemTime
lstrcmpA
LocalFileTimeToFileTime
CreateDirectoryA
CreateDirectoryW
GetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileTime
lstrcpyA
CreateFileW
lstrcatA
SetCurrentDirectoryA
FreeLibrary
SetFileAttributesA
OpenProcess
lstrcpyW
lstrcatW
WaitNamedPipeW
SetNamedPipeHandleState
ReadFile
lstrlenW
CreateFileA
WriteFile
ExitThread
OpenMutexA
GetSystemDirectoryA
GetWindowsDirectoryA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetComputerNameA
GetSystemWindowsDirectoryA
GetVolumeInformationA
MultiByteToWideChar
GetCurrentProcessId
lstrcmpiA
GetThreadContext
GetThreadSelectorEntry
HeapFree
GetProcessHeap
GetProcAddress
LoadLibraryA
InterlockedIncrement
GlobalFree
InterlockedDecrement
GlobalAlloc
WideCharToMultiByte
lstrcmpW
Sleep
CreateThread
GetModuleHandleA
CreateMutexA
ExitProcess
DeleteFileA
CloseHandle
GetLastError
SetLastError
GetVersionExA
OutputDebugStringA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetTickCount
GetUserDefaultLangID
GetLocalTime
GetModuleFileNameA
ReadProcessMemory

user32

MoveWindow
GetSystemMetrics
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
UpdateWindow
PostMessageA
GetCursorPos
SendMessageA
IsWindowUnicode
GetWindowLongA
IsWindow
SetWindowLongA
GetClientRect
ToUnicode
GetKeyboardState
RegisterClassExA
ShowWindow

advapi32

GetUserNameA
CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

SHGetFolderPathA

oleaut32

GetErrorInfo
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString

ws2_32

ntohs
WSAGetLastError
inet_ntoa
inet_addr
htons
connect
recv
closesocket
getpeername

wininet

InternetQueryOptionA
HttpQueryInfoA

shlwapi

StrStrW
PathCombineA
SHGetValueA
SHSetValueA

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de77d576beb017d63b685d407231a990

Headers

File Characteristics

Imports

ntdll

msvcrt

kernel32

user32

advapi32

shell32

oleaut32

ws2_32

wininet

shlwapi

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 47KB

Shared Size: 512B - Virtual size: 16B

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 47KB

Shared
Size: 512B - Virtual size: 16B

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 4KB