5edd232451887323354167a7c62ea543

Sharing

Copy URL Twitter E-mail

General

Target

5edd232451887323354167a7c62ea543
Size

252KB
MD5

5edd232451887323354167a7c62ea543
SHA1

7d5f8169461e0a939f6a4e567f3d66d7e26b5cf5
SHA256

2fddc543cf2ab2fb9927838d3a12699b9b2931c9f481ee8368ef3fce70c9ed0f
SHA512

5888691a316a851f5d5764ee120531cad5fc7e3725bd63734f2450d61751e59fcb029f48a59db863a53d622640b9e0f15e22d38616af01f8ee6c908fa4157bb0
SSDEEP

6144:+XT8Tvky+CyIOEKBDk0wXpQt0YTiCYjEqiC:poj+nsbYjEq3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5edd232451887323354167a7c62ea543

Files

5edd232451887323354167a7c62ea543
.exe windows:4 windows x86 arch:x86

e02ab6387829bc4d1db99b28102de97f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindowAsync
FindWindowA
IsChild
SetWindowPlacement
GetDialogBaseUnits
GetClientRect
GetWindowRect
EndDialog
GetTopWindow
IsWindow
EnumWindows

gdi32

AngleArc
GetBitmapDimensionEx
GetBkColor
CreateDCA
GdiFlush
AddFontResourceA
EndPage
DrawEscape
BitBlt
GdiComment
EqualRgn

advapi32

RegCreateKeyA
SetTokenInformation
ReportEventA
OpenProcessToken
RegOverridePredefKey
GetOldestEventLogRecord
DeregisterEventSource

kernel32

GetProcAddress
ResetEvent
ResumeThread
OpenMutexA
SuspendThread
GetStartupInfoA
GetExitCodeThread
VirtualAlloc
ReleaseMutex
GetModuleHandleA
OpenEventA
VerLanguageNameA
GetACP
HeapDestroy
LeaveCriticalSection
VirtualFree
SetEvent
CreateMutexA
GlobalFlags
GlobalHandle
VirtualQuery
HeapLock
GetProcessHeap
LocalSize
GetSystemDefaultLangID
LocalHandle
WritePrivateProfileStructA
GetPrivateProfileSectionNamesA
GetProfileStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
VerInstallFileA
GetFileVersionInfoA
VerFindFileA

winspool.drv

AddPrintProcessorW
AddJobA
DeletePrinterConnectionW
DeletePrinterConnectionA
EnumJobsW
AdvancedDocumentPropertiesA
ConnectToPrinterDlg
SetPrinterA
DeletePrinterKeyA
EnumPrintersW
DeletePrinterDriverA
SetJobW

netapi32

NetConnectionEnum
NetGroupAdd
NetFileClose
NetFileGetInfo
NetAuditRead
NetGroupAddUser
NetAuditClear
NetGetJoinableOUs
Netbios
NetErrorLogClear
NetErrorLogWrite
NetServerComputerNameDel
NetConfigGet

msvcrt

__setusermatherr
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ckr
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e02ab6387829bc4d1db99b28102de97f

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

version

winspool.drv

netapi32

msvcrt

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 74KB - Virtual size: 450KB

.ckr Size: 137KB - Virtual size: 136KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 74KB - Virtual size: 450KB

.ckr
Size: 137KB - Virtual size: 136KB

.rsrc
Size: 23KB - Virtual size: 22KB