Static task: static1
Behavioral task: behavioral1
  Sample: 5c7bb610ccd460a310f2e4c211972f23.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 5c7bb610ccd460a310f2e4c211972f23.exe
  Resource: win10v2004-20231215-en
General
- Target: 5c7bb610ccd460a310f2e4c211972f23
- Size: 408KB
- MD5: 5c7bb610ccd460a310f2e4c211972f23
- SHA1: a32f9c0963f64892a8e855bbcdf9c6e4def3af2e
- SHA256: 84257d1f46e2e862314406cc2b6a15eb521f6aada7131a3b3df46c26c92ea78c
- SHA512: 7f59ebc42f9d2c9ac31c576e9e641f4921107ed4402405935fea53e67b3d87dbe3e7af2333e22143f01f4c948243c751edb7151fc1cd5972cea852129096326f
- SSDEEP:
12288:7CZUgMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM2:7CZ9MMMMMMMMMMMMMMMMMMMMMMMMMMMS
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 5c7bb610ccd460a310f2e4c211972f23
Files
- 5c7bb610ccd460a310f2e4c211972f23.exe windows:5 windows x86 arch:x86
  8fd150425d866092f9b1bddab68c2a13
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileW
GetSystemInfo
SetErrorMode
GetFileType
GetSystemTimeAsFileTime
lstrcpyA
LCMapStringA
SizeofResource
SetHandleCount
SetStdHandle
FindClose
GetStdHandle
RaiseException
DisableThreadLibraryCalls
lstrcpynA
TlsSetValue
GetLocaleInfoA
FindNextFileA
CreateMutexW
LoadLibraryA
IsBadWritePtr
InitializeCriticalSectionAndSpinCount
LockResource
FileTimeToLocalFileTime
InterlockedDecrement
OutputDebugStringA
DeleteFileW
FindFirstFileA
LocalFree
MapViewOfFile
MulDiv
GetVersion
GetFullPathNameW
GlobalUnlock
GetCommandLineW
InterlockedExchange
VirtualProtect
LeaveCriticalSection
HeapAlloc
WriteConsoleW
GlobalAlloc
TlsGetValue
CreateMutexA
LoadLibraryExA
IsDBCSLeadByte
lstrcmpiA
GetEnvironmentStringsW
GetTickCount
FileTimeToSystemTime
GetWindowsDirectoryA
WaitForMultipleObjects
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentProcessId
InitializeCriticalSection
GetProcessHeap
SetFileAttributesW
UnhandledExceptionFilter
VirtualAlloc
WaitForSingleObject
CreateFileA
lstrlenW
GetCurrentDirectoryW
GetModuleHandleA
GetExitCodeProcess
FormatMessageW
OpenMutexA
GetLocaleInfoW
ResetEvent
SetThreadPriority
TlsFree
FindResourceW
RtlUnwind
GetThreadLocale
ResumeThread
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsA
LoadLibraryExW
GetLastError
CreateProcessA
GetEnvironmentStrings
SetLastError
ReleaseMutex
GetCPInfo
MultiByteToWideChar
IsBadReadPtr
SetFileAttributesA
lstrcatA
ReadFile
GetFileSize
GetModuleHandleW
GetProcAddress
OpenEventW
HeapFree
lstrcmpW
ExpandEnvironmentStringsW
CreateFileMappingW
SetEndOfFile
msvcrt
rand
exit
_finite
_ftol
__p__osver
_chsize
_access
srand
_rotr
_rotl
user32
EnumChildWindows
GetClassNameW
UnregisterClassW
SetWindowLongW
IsDlgButtonChecked
SetFocus
SendDlgItemMessageW
GetWindowTextLengthW
RegisterClipboardFormatW
TranslateMessage
EndPaint
GetDlgItemTextA
CreatePopupMenu
TrackPopupMenu
InflateRect
GetDlgItemTextW
CallNextHookEx
FillRect
RegisterWindowMessageA
GetProcessWindowStation
IsWindowEnabled
MessageBeep
CharLowerW
RegisterClassA
CreateDialogParamW
CreateWindowExW
GetSysColorBrush
WinHelpW
EndDialog
LoadIconW
IsRectEmpty
RegisterClassExW
GetWindowPlacement
ShowWindow
LoadStringW
LoadBitmapW
CallWindowProcW
LoadBitmapA
DialogBoxParamW
PostMessageA
wsprintfW
OffsetRect
CharUpperW
RedrawWindow
GetSystemMenu
MoveWindow
DrawTextW
PeekMessageW
DestroyMenu
UpdateWindow
MessageBoxA
GetDlgCtrlID
SendDlgItemMessageA
RegisterClassW
GetWindowTextA
CopyRect
PostQuitMessage
GetMenuItemCount
DispatchMessageW
GetAsyncKeyState
SetRect
SetMenu
IsWindowVisible
gdi32
GetDIBits
PatBlt
CreateHalftonePalette
TranslateCharsetInfo
ExtTextOutW
GetGlyphOutlineA
SetWindowOrgEx
OffsetRgn
SetStretchBltMode
SetPixel
CreateBitmap
DeleteObject
StretchBlt
GetObjectA
GetTextMetricsA
ScaleWindowExtEx
GetClipBox
GetObjectType
FillRgn
DeleteMetaFile
LPtoDP
EndPage
GetBitmapBits
SetROP2
PlayMetaFile
CreateMetaFileA
CreateRectRgn
CreateCompatibleDC
TextOutA
BitBlt
SetMapMode
GetBkColor
SetBrushOrgEx
ExtTextOutA
EnumFontFamiliesExW
CreateDCA
SelectClipRgn
CreateDIBitmap
OffsetViewportOrgEx
StartPage
IntersectClipRect
CreateFontIndirectW
GetWindowExtEx
CloseMetaFile
SetBkColor
GetStockObject
GetCurrentObject
GetMapMode
GetPixel
SetTextAlign
GetTextColor
CreateDIBSection
RestoreDC
SelectPalette
GetTextMetricsW
GetClipRgn
SelectObject
GetTextExtentPointW
GetBkMode
GetTextExtentPoint32W
MoveToEx
CreateRectRgnIndirect
ntdll
wcschr
atol
RtlGetVersion
RtlUpcaseUnicodeStringToOemString
_alloca_probe
RtlExtendedLargeIntegerDivide
RtlInitializeSid
RtlInitializeCriticalSectionAndSpinCount
RtlExpandEnvironmentStrings_U
RtlLeaveCriticalSection
NtSetSecurityObject
NtEnumerateKey
RtlOemToUnicodeN
RtlDeleteCriticalSection
NtQueryVolumeInformationFile
wcstol
NtSetInformationProcess
RtlOpenCurrentUser
NtQueryDirectoryObject
RtlQueryRegistryValues
wcsncpy
_snwprintf
NtMapViewOfSection
strrchr
RtlAllocateAndInitializeSid
NtDuplicateToken
RtlCreateSecurityDescriptor
RtlCreateEnvironment
RtlLengthSid
wcsncat
NtDeleteValueKey
RtlCopySid
NtCancelIoFile
_strnicmp
DbgBreakPoint
RtlNewSecurityObject
NtEnumerateValueKey
NtRequestWaitReplyPort
RtlMakeSelfRelativeSD
strncpy
RtlGetSaclSecurityDescriptor
RtlxUnicodeStringToOemSize
RtlInitializeGenericTable
RtlSetOwnerSecurityDescriptor
NtWriteFile
RtlTimeToTimeFields
NtCreateSection
NtClose
NtFreeVirtualMemory
RtlFreeSid
RtlAppendUnicodeToString
RtlInitializeCriticalSection
strchr
RtlSubAuthoritySid
RtlCreateUserThread
NtOpenProcess
RtlEnterCriticalSection
RtlInitializeResource
RtlAddAccessAllowedAce
RtlWriteRegistryValue
RtlTimeFieldsToTime
RtlSetDaclSecurityDescriptor
NtOpenThread
RtlValidRelativeSecurityDescriptor
RtlMultiByteToUnicodeN
RtlUnicodeStringToOemString
NtCreateFile
RtlDestroyEnvironment
RtlOemStringToUnicodeString
NtQueryObject
memmove
NtOpenEvent
RtlInsertElementGenericTable
advapi32
RegCreateKeyW
RegQueryInfoKeyW
AllocateAndInitializeSid
LookupAccountSidW
CryptDestroyKey
CryptAcquireContextA
ConvertSidToStringSidW
GetTraceLoggerHandle
RegNotifyChangeKeyValue
RegFlushKey
RegEnumKeyExA
RegCloseKey
FreeSid
CryptAcquireContextW
GetSecurityDescriptorOwner
LsaClose
LockServiceDatabase
LookupAccountNameW
OpenServiceW
shlwapi
StrDupW
SHGetValueW
PathCreateFromUrlW
StrCmpNW
wnsprintfW
StrCpyW
StrCmpW
StrCmpNIW
StrToIntW
PathIsURLW
SHDeleteKeyW
SHDeleteKeyA
SHDeleteValueW
SHStrDupW
PathGetDriveNumberW
PathAddBackslashW
UrlIsW
StrChrIW
StrStrIA
StrStrW
PathIsRelativeW
StrRetToBufW
UrlCanonicalizeW
PathStripToRootW
PathIsRootW
PathRemoveFileSpecA
SHRegGetBoolUSValueW
PathIsUNCW
StrStrIW
PathIsDirectoryW
PathFileExistsW
PathSkipRootW
PathFindExtensionA
PathFindFileNameA
SHDeleteValueA
wnsprintfA
UrlUnescapeW
StrToIntExW
StrRChrW
StrChrW
PathFindFileNameW
PathStripToRootA
StrTrimW
PathRemoveBackslashW
StrCatBuffW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveBlanksW
shell32
DragQueryFileA
SHGetPathFromIDListA
SHGetDesktopFolder
ShellExecuteExW
DragQueryFileW
SHGetPathFromIDListW
SHGetFileInfoW
SHChangeNotify
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderPathW
ShellExecuteW
SHBindToParent
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
rpcrt4
RpcImpersonateClient
CStdStubBuffer_DebugServerQueryInterface
RpcEpResolveBinding
RpcBindingFree
NdrDllRegisterProxy
CStdStubBuffer_AddRef
RpcServerUseProtseqEpW
RpcBindingSetAuthInfoExW
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
UuidFromStringW
RpcStringFreeA
UuidToStringW
NdrStubForwardingFunction
UuidCreate
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrClientCall2
NdrOleFree
NdrServerCall2
RpcBindingSetAuthInfoW
RpcStringBindingParseW
RpcServerUnregisterIf
RpcBindingFromStringBindingW
RpcRaiseException
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
RpcStringBindingComposeW
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
IUnknown_AddRef_Proxy
NdrDllUnregisterProxy
version
GetFileVersionInfoA
VerQueryValueW
VerLanguageNameA
VerQueryValueA
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.textbss Size: 2KB - Virtual size: 2KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DATA Size: 1024B - Virtual size: 998B
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.code Size: 54KB - Virtual size: 53KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT Size: 1024B - Virtual size: 1002B
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata Size: 3KB - Virtual size: 3KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS Size: 3KB - Virtual size: 31KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata Size: 1KB - Virtual size: 1KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 489B
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ