5bbfa7aef1cd0744fcbb773b072997f4

Sharing

Copy URL Twitter E-mail

General

Target

5bbfa7aef1cd0744fcbb773b072997f4
Size

80KB
MD5

5bbfa7aef1cd0744fcbb773b072997f4
SHA1

418ece4d27814f72acb4437c9b0a2e5758d5339e
SHA256

e68fb2c89174e4be99a55a4d4f03d186bd3ac84952ec623bbfacd0aac27a05e8
SHA512

a53d859ec9f438aa6023dbf693dd61082f3fafc3daaa10e138957dbef5ff90c953be6bcb187843eede0fe912f1399f310547838a39a8e050f43b77a0b830ed66
SSDEEP

1536:2aFBM55M/Ta1aHItO/2j8rIpCX+KAUipK5y0pNIB9uFI7a1QG9AlpWSYx:9B6eTW94/2aIpCXNAUD3pLSq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bbfa7aef1cd0744fcbb773b072997f4

Files

5bbfa7aef1cd0744fcbb773b072997f4
.exe windows:4 windows x86 arch:x86

4b9f728c12ac86922402d505b2eb09df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1176
ord269
ord1243
ord823
ord800
ord860
ord540
ord858
ord825
ord537
ord6467
ord861
ord1601
ord2818
ord1158
ord857
ord535
ord539
ord1578
ord600
ord826

msvcrt

free
atol
sprintf
memcpy
_EH_prolog
__CxxFrameHandler
vsprintf
puts
malloc
realloc
memset
_purecall
memcmp
fclose
fprintf
fopen
_mbscmp
_CxxThrowException
_except_handler3
?terminate@@YAXXZ
__p__fmode
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
__dllonexit
_onexit
strcat
strcpy
_controlfp

kernel32

GetLocalTime
LocalFree
lstrcpynA
GetStartupInfoA
GetModuleHandleA
LocalAlloc
WaitForSingleObject
CreateEventA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
SetEndOfFile
OpenEventA
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
IsDBCSLeadByte
MultiByteToWideChar
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetShortPathNameA
InterlockedDecrement
SetEvent
CloseHandle
CreateThread
GetCurrentThreadId
lstrcmpiA
GetCommandLineA
lstrlenA
GetModuleFileNameA
InterlockedIncrement
CreateDirectoryA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenW

user32

wsprintfA
MessageBoxA
LoadStringA
GetMessageA
PostThreadMessageA
CharNextA
DispatchMessageA

advapi32

RegOpenKeyExA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
CloseServiceHandle
StartServiceCtrlDispatcherA
ControlService
DeleteService
CreateServiceA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA

ole32

CoTaskMemAlloc
OleRun
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemFree
CoDisconnectObject
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

SysStringLen
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantClear
VariantInit

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b9f728c12ac86922402d505b2eb09df

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 28KB - Virtual size: 57KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 28KB - Virtual size: 57KB