5ad8bbe762f4b99182c26aee80ca7c9a

General

Target

5ad8bbe762f4b99182c26aee80ca7c9a
Size

240KB
MD5

5ad8bbe762f4b99182c26aee80ca7c9a
SHA1

3530c781b5dcb63256fda2de6091a199e999204a
SHA256

dc99fdb55ce3c9e8f578bde9183dab02522184a81d38957f26dc087b0f9662ea
SHA512

99123b68301c6066a551a8d34aa64e7ae584e728e4a50700779a662b7615b086f036e375c62f9d29b178d8c28b0ed9ebd103a344af7cda8cb6a3bb85a2d179e6
SSDEEP

3072:JDx9c32rlzzu4DNqhYF+CNs4NR/nRFjA1pLIeq3LEQGmeC7/k9NwXFy49/ODfU:n9i4pYYF+4s4T/n3k8eqzt/qNw1yYQf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ad8bbe762f4b99182c26aee80ca7c9a

Files

5ad8bbe762f4b99182c26aee80ca7c9a
.dll windows:4 windows x86 arch:x86

2399c640091cd7ac51b7d625fd730a65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA

oleaut32

SysStringLen
VariantTimeToSystemTime
VariantCopy
VarDecNeg
LoadTypeLibEx
OleLoadPictureFile
VarCyFromDec

kernel32

ExitProcess
ExpandEnvironmentStringsW
FindFirstVolumeMountPointW
GetBinaryTypeA
GetCommConfig
GetCommandLineA
GetCurrentProcessId
GetDateFormatA
GetFileSizeEx
GetLocaleInfoA
GetModuleHandleA
GetVersionExA
HeapAlloc
EnumDateFormatsExW
InitializeCriticalSection
IsBadReadPtr
IsBadWritePtr
Module32FirstW
OpenEventA
PeekConsoleInputW
ReadFile
EnumDateFormatsExA
ReplaceFileW
SetFileAttributesW
VirtualProtectEx
lstrlenA
AddConsoleAliasW
HeapCreate

imm32

ImmGetGuideLineW
ImmUnregisterWordW
ImmSetStatusWindowPos
ImmReSizeIMCC
ImmEnumInputContext
ImmGetVirtualKey
ImmGetCompositionFontA

ole32

OleCreateLinkToFile
OleTranslateAccelerator
CoTaskMemRealloc
CoRegisterMallocSpy
CoGetClassVersion
StgCreateDocfile

ntdll

wcscpy
wcscspn
RtlInitString
RtlDestroyEnvironment

comctl32

PropertySheetA
CreatePropertySheetPageA

Exports

Exports

AddPicture2
D3D9UnregisterResource
DevelopNomalPosToLogPos
EnumDevicePropertyReset
GetSymbolAddress
IsSupportParamItem

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2399c640091cd7ac51b7d625fd730a65

Headers

File Characteristics

Imports

advapi32

oleaut32

kernel32

imm32

ole32

ntdll

comctl32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.data Size: 72KB - Virtual size: 120KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 156KB

.data
Size: 72KB - Virtual size: 120KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB