56e9360d68b1de743924d549aa18580b

Sharing

Copy URL Twitter E-mail

General

Target

56e9360d68b1de743924d549aa18580b
Size

369KB
MD5

56e9360d68b1de743924d549aa18580b
SHA1

0bca1932edbe22e57ebecb81656fcb57e695a02e
SHA256

35b8f3bb6845bda0ed1ca354913f9343e1f56e3a23cda2142b16eccf2dd4f26d
SHA512

9813c5cde00581f3b2cadfd6ae8678f45b589cf961bd605d24bf8515aba298bcac5f7d0323aeca85668db02871d99d63d13aab52bbb74846b12f5c15cf7677f3
SSDEEP

6144:Sx038pDW7hUq6p3IUif9IHIPa321zPS0RYvdCt6827t33kf1lQT9vcrq:N6D6hUq/Uif9IoPa32BPNRYV86rtkdW9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56e9360d68b1de743924d549aa18580b

Files

56e9360d68b1de743924d549aa18580b
.exe windows:4 windows x86 arch:x86

89ed967f18e6eaf4e6da4be27ee7bf17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadIconA
WindowFromPoint
IsWindow
GetDialogBaseUnits
IsWindowUnicode
DialogBoxParamA
BringWindowToTop
BeginDeferWindowPos
DestroyWindow
ShowOwnedPopups
CreateWindowExA

gdi32

DescribePixelFormat
GetBrushOrgEx
CloseEnhMetaFile
AddFontResourceW
GetBkMode
Ellipse
CreateDCA
FillRgn
BitBlt
GdiFlush
DeleteEnhMetaFile
DrawEscape
DeleteMetaFile

advapi32

SetTokenInformation
AccessCheck
ReportEventA
NotifyChangeEventLog
ReportEventW

kernel32

TlsGetValue
GetLastError
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
GetStringTypeW
CreateMutexA
HeapCompact
GetCurrencyFormatA
GlobalFree
GetSystemDefaultLCID
ResetEvent
LocalReAlloc
VirtualFree
LeaveCriticalSection
HeapWalk
IsValidLocale
GlobalHandle
IsBadWritePtr
WritePrivateProfileStructA
GetProfileIntA
GetProcAddress
GetHandleInformation
VirtualAllocEx
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
SetLastError
GetACP
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetCPInfo

winspool.drv

GetPrinterDriverA
AddPrinterDriverA
ConnectToPrinterDlg
DeletePrinterConnectionA
ConfigurePortA
AbortPrinter
AdvancedDocumentPropertiesA
EnumPrintProcessorsA
EnumPrinterDriversA
DeletePrinterKeyA

netapi32

NetUseEnum
NetGetJoinableOUs
NetGroupAddUser
NetAuditWrite
NetGetAnyDCName
NetFileClose
NetErrorLogWrite
NetGetDCName
NetConfigSet
NetAuditRead
NetAuditClear

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mtijn
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89ed967f18e6eaf4e6da4be27ee7bf17

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

winspool.drv

netapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 81KB

.mtijn Size: 331KB - Virtual size: 330KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 81KB

.mtijn
Size: 331KB - Virtual size: 330KB

.rsrc
Size: 3KB - Virtual size: 2KB