5c9028bf6c03dc40a9769e3fa9c2f18e

Sharing

Copy URL Twitter E-mail

General

Target

5c9028bf6c03dc40a9769e3fa9c2f18e
Size

124KB
MD5

5c9028bf6c03dc40a9769e3fa9c2f18e
SHA1

0759d03a9b2f6977d7a78c1952d12cb58552c8e9
SHA256

29c0e7ff7c553637d567ea63e639f1ac259de5318d534fe28c5e5790b5e026b9
SHA512

e2b25b34465bf94748f76f46cd7e66370933fd8fc3e070a12bd85ae53be8534c32f5c6c049af72b10b7718fb0b83079e888378ffc3b696275a73cc94e68da6c7
SSDEEP

3072:tAgfvrxpIaSHQaUv48BHFlI3Ek3N0HPBeb:tZHI1Hev4QlI3z3N2PE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c9028bf6c03dc40a9769e3fa9c2f18e

Files

5c9028bf6c03dc40a9769e3fa9c2f18e
.exe windows:5 windows x86 arch:x86

7920fab41e2bd379d0923cc50801f765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
CreateFileW
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
CreateFileA
FlushFileBuffers
WriteConsoleW
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetProcessHeap
GlobalFree
LoadLibraryW
Sleep
RtlUnwind
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
CompareStringW
FreeEnvironmentStringsW
CloseHandle
TlsGetValue
TlsAlloc
ReadFile
GetLastError
GetMailslotInfo
HeapCreate
GlobalAlloc
GetTickCount
GetCurrentProcess
HeapAlloc
GetModuleFileNameA
lstrlenA
HeapFree
HeapSize
HeapReAlloc
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
WideCharToMultiByte
GetTimeZoneInformation
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
GetModuleFileNameW
SetFilePointer
SetEnvironmentVariableA

user32

MoveWindow
DestroyWindow
GetMessageA
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
SetCapture
GetSubMenu
LoadBitmapA
LoadIconA
GetClientRect
SendMessageA
GetDC
TranslateMessage
GetMenu
InvalidateRect
SetCursorPos
ReleaseDC
EnableMenuItem
GetDlgItem
DefWindowProcA
DestroyCursor
GetCursorPos
LoadAcceleratorsA
ShowWindow
DrawMenuBar
IsWindow
DispatchMessageA
MessageBoxW
ReleaseCapture
CloseWindow
DestroyMenu
LoadCursorA
DialogBoxParamA
GetScrollPos
CheckMenuItem
RegisterClassA

gdi32

LineTo
DeleteDC
SelectObject
CreateCompatibleDC
SetStretchBltMode
GetTextMetricsA
MoveToEx

winspool.drv

ClosePrinter

comdlg32

PrintDlgA

advapi32

RegOpenKeyExW
RegDeleteValueW
RegSetValueExA
RegCloseKey

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7920fab41e2bd379d0923cc50801f765

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 31KB - Virtual size: 38KB

.rsrc Size: 17KB - Virtual size: 20KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 31KB - Virtual size: 38KB

.rsrc
Size: 17KB - Virtual size: 20KB