5e0582b2c7a0d42ea20654b62a2d0bf4

Sharing

Copy URL Twitter E-mail

General

Target

5e0582b2c7a0d42ea20654b62a2d0bf4
Size

177KB
MD5

5e0582b2c7a0d42ea20654b62a2d0bf4
SHA1

515df83c76dc0f334dbca3ebd980d954d6b629be
SHA256

a6311acde561cecee2c11d6287879933b430e4233922ac8d69f054cb8353769a
SHA512

b7c6c7b8d8b637fee709ed067515a348b6031895a9e012e127c0235e94c52dbeffaaa7d9c19147e2d18ac52a04a2c1125501a0e3de73bbfc434d54b2483ff192
SSDEEP

3072:pHb6byTZ4Tgo516ov0/Y65DimMsoqX5XA+pL0k24BQW/9gJeKn:puj16ovqNimMsl5XtLCW/99

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e0582b2c7a0d42ea20654b62a2d0bf4

Files

5e0582b2c7a0d42ea20654b62a2d0bf4
.exe windows:5 windows x86 arch:x86

6598e15c60a8807074642db43bd81e07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA

oleaut32

SysFreeString
VarUI4FromStr

comdlg32

CommDlgExtendedError

shell32

SHGetSpecialFolderPathA
ShellExecuteW
SHGetSpecialFolderLocation

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
ControlService
DeleteService
FreeSid
GetLengthSid
GetUserNameA
ImpersonateSelf
InitializeAcl
IsValidSecurityDescriptor
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA

user32

SetWindowPos
SetDlgItemTextA
SetCapture
SendMessageA
LoadStringA
IsDlgButtonChecked
GetWindowRect
GetWindowInfo
GetSystemMetrics
GetParent
GetDlgItem
EndDialog
EnableWindow
DialogBoxParamA
CreateCursor
CopyRect
MessageBoxA

kernel32

GetShortPathNameA
GetStartupInfoA
GetSystemDirectoryA
GetUserDefaultLangID
WinExec
GetVersionExA
GetWindowsDirectoryA
LocalAlloc
MapViewOfFile
WaitForSingleObject
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateProcess
Sleep
SetLastError
SetFilePointer
SetFileAttributesA
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryA
RemoveDirectoryA
GetProcAddress
Process32Next
Process32First
OpenProcess
OpenFile
MultiByteToWideChar
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetFileSize
GetFullPathNameA
GetLastError
GetModuleHandleA
GetPrivateProfileStringA
MoveFileExA

ole32

CoInitialize
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

CreateTempFileStream
ExecuteSql
FIsValidFileNameCharA
HrGetBodyElement
HrGetCertKeyUsage
Idle
ReplaceCharsW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6598e15c60a8807074642db43bd81e07

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

oleaut32

comdlg32

shell32

advapi32

user32

kernel32

ole32

version

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 9KB - Virtual size: 8KB