5e59c3b160bf9784c4f309bdfa9d296a

Sharing

Copy URL Twitter E-mail

General

Target

5e59c3b160bf9784c4f309bdfa9d296a
Size

7.4MB
MD5

5e59c3b160bf9784c4f309bdfa9d296a
SHA1

6fd2a166341061b8c9467ee5db7fa12ad3d5a633
SHA256

ec54103f85d95c284867d43de8b89ee1697fa4d714b2457b657eacdb68961968
SHA512

4c7c28df599b7b3d3489eaea318cc146a90a7c3166f91b06a20e56773f0b55d396ed8f7212e85bc84f2b3e3d51cd8294b6835f6f17b2f69c04277f4da9cde36a
SSDEEP

196608:W8mNBo8myDx6FImicnZ35CxTS/fsieMbOy7b7fNogpGM:7m7AKmicZAxuhRRvBrp

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Keygen.exe
unpack001/WinUtilities/Keygen - ROGUE/keygen.exe
unpack001/WinUtilities/WinUtilities-Professional-Edition-9.67-ru-ru.exe

Files

5e59c3b160bf9784c4f309bdfa9d296a
.rar
WinUtilities/Keygen - Lz0/Linezer0.nfo
WinUtilities/Keygen - Lz0/Linezer0.rar
.rar
Keygen.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 137KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinUtilities/Keygen - Lz0/file_id.diz
WinUtilities/Keygen - ROGUE/FILE_ID.DIZ
WinUtilities/Keygen - ROGUE/ROGUE.NFO
WinUtilities/Keygen - ROGUE/keygen.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 103KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinUtilities/WinUtilities-Professional-Edition-9.67-ru-ru.exe
.exe windows:5 windows x86 arch:x86

b21e172d4023b3af223a893c705b3225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetDriveTypeW
CompareStringW
lstrcmpiW
lstrlenW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
ExitProcess
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
LoadLibraryW
LCMapStringW
LCMapStringA
DeleteCriticalSection
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
LocalAlloc
PeekNamedPipe
GetStdHandle
TerminateProcess
OpenProcess
SearchPathW
ConnectNamedPipe
CreateNamedPipeW
GetVersion
GetExitCodeProcess
CreateProcessW
GetDiskFreeSpaceExW
ResetEvent
MoveFileW
TerminateThread
GetSystemTime
GetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
CreateFileW
WriteFile
CreateMutexW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
FindFirstFileW
DeleteFileW
InterlockedExchange
WideCharToMultiByte
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
FindClose
CreateFileA
GetFileAttributesW
GetLogicalDriveStringsW
FindNextFileW
RemoveDirectoryW
GetCPInfo
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryW
GetCurrentProcessId
CloseHandle
GetExitCodeThread
OutputDebugStringW
GlobalMemoryStatus
GetUserDefaultLangID
SetEvent
GetSystemDefaultLangID
GetLocaleInfoW
EnumResourceLanguagesW
SetFilePointer
CopyFileW
SetCurrentDirectoryW
FlushFileBuffers
LocalFree
FormatMessageW
SetFileAttributesW
GetShortPathNameW
GetTempFileNameW
GetCurrentThread
CreateThread
GetVersionExW
WaitForSingleObject
CreateEventW
SetLastError
FlushInstructionCache
GetCurrentProcess
Sleep
RaiseException
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
TlsGetValue
MulDiv

user32

SetFocus
GetDC
ReleaseDC
GetWindowRect
SendMessageW
GetSysColorBrush
IsWindowVisible
IntersectRect
EqualRect
MapWindowPoints
GetWindowLongW
PtInRect
IsRectEmpty
SetRectEmpty
GetClientRect
ClientToScreen
SetWindowPos
OffsetRect
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
DrawIconEx
GetComboBoxInfo
DrawFrameControl
RegisterWindowMessageW
CreateAcceleratorTableW
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
GetKeyState
DrawTextExW
DrawStateW
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
CharNextW
DrawFocusRect
GetClassNameW
ReleaseCapture
GetCapture
SetCapture
UpdateWindow
GetDlgCtrlID
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
SetScrollPos
EndPaint
FillRect
SetRect
BeginPaint
MoveWindow
GetScrollInfo
ScreenToClient
GetMessagePos
GetSysColor
RedrawWindow
DestroyIcon
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
GetWindowDC
KillTimer
CreateWindowExW
DestroyCursor
GetWindowRgn
DrawTextW
IsZoomed
SetWindowRgn
CreateDialogParamW
EndDialog
DialogBoxParamW
GetNextDlgTabItem
CopyRect
IsWindowEnabled
SetCursor
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
InvalidateRect
IsDialogMessageW
IsChild
GetFocus
PostQuitMessage
IsWindow
LoadStringW
MessageBoxW
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
LoadCursorW
GetParent
GetPropW
GetForegroundWindow
MsgWaitForMultipleObjects
GetSystemMenu
ModifyMenuW
FindWindowW
ExitWindowsEx
SetPropW
RemovePropW
EnableMenuItem
LoadMenuW
GetSubMenu
SetTimer
LoadIconW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
UnregisterClassA
CallWindowProcW
SetWindowLongW
GetDlgItem
SetWindowTextW
DestroyWindow
EnableWindow
DefWindowProcW

gdi32

GetTextMetricsW
ExtTextOutW
SetBkColor
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
CreateDIBSection
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
GetBitmapBits
ExcludeClipRect
SelectClipRgn
CreateRectRgn
SetBkMode
SetTextColor
SetViewportOrgEx
GetDeviceCaps
SetBrushOrgEx
CreatePatternBrush
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
CreateBitmapIndirect
CreateFontW

advapi32

LookupPrivilegeValueW
OpenProcessToken
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
GetUserNameW
RegOpenKeyW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteW

ole32

CoGetClassObject
CoCreateInstance
CLSIDFromString
OleInitialize
CoUninitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoInitialize
CoTaskMemRealloc
CLSIDFromProgID

oleaut32

SysStringByteLen
OleLoadPicture
VarDateFromStr
VarUI4FromStr
LoadRegTypeLi
SysAllocStringByteLen
OleCreateFontIndirect
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
LoadTypeLi

dbghelp

SymSetOptions
SymInitialize
StackWalk
SymCleanup
SymGetLineFromAddr
SymGetSymFromAddr
SymFunctionTableAccess
SymGetModuleBase

shlwapi

PathIsUNCW
PathFileExistsW

comctl32

ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ImageList_LoadImageW
InitCommonControlsEx
DestroyPropertySheetPage
PropertySheetW
CreatePropertySheetPageW
ImageList_Create
_TrackMouseEvent
ImageList_Destroy

msimg32

TransparentBlt

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 137KB - Virtual size: 404KB

.rsrc Size: 11KB - Virtual size: 12KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 103KB - Virtual size: 436KB

.rsrc Size: 14KB - Virtual size: 16KB

b21e172d4023b3af223a893c705b3225

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

shlwapi

comctl32

msimg32

version

comdlg32

Sections

.text Size: 675KB - Virtual size: 675KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 9KB - Virtual size: 33KB

.rsrc Size: 91KB - Virtual size: 90KB

.reloc Size: 69KB - Virtual size: 68KB

.text
Size: 137KB - Virtual size: 404KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 103KB - Virtual size: 436KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 675KB - Virtual size: 675KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 9KB - Virtual size: 33KB

.rsrc
Size: 91KB - Virtual size: 90KB

.reloc
Size: 69KB - Virtual size: 68KB