63a459130ee54d681c75f7a250bf5c24

Sharing

Copy URL Twitter E-mail

General

Target

63a459130ee54d681c75f7a250bf5c24
Size

242KB
MD5

63a459130ee54d681c75f7a250bf5c24
SHA1

78ae4c698ad37ec1d4122a84f7087e5066da5a81
SHA256

46930962d848631fcb84893fae129537bd787306deec976bf4d42b45266aa0f3
SHA512

fe60a7e15dd42f9db8891c5d74d1b0ae55b690f20cc242c0cc651813034f1c2fe1237fc4948264f80632355e436622b03c6dcc5a639b6f82800adafa614d42b6
SSDEEP

6144:CQxDw861LoowpH/NMOvTz+RCgo8RUu6UtkrDH69awDn0Ao:6/LoppfNwFUn69aqa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a459130ee54d681c75f7a250bf5c24

Files

63a459130ee54d681c75f7a250bf5c24
.exe windows:4 windows x86 arch:x86

5d8d528d57bbbf56b6d889a8afedaa19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathUnExpandEnvStringsW
PathUnExpandEnvStringsA

user32

CharLowerA
wsprintfA
GetSystemMetrics
ExitWindowsEx
CharToOemBuffA
CharUpperW
OemToCharBuffA
CharLowerW
CharUpperA

kernel32

GetCurrentThreadId
WaitForSingleObjectEx
ReleaseSemaphore
SetErrorMode
VirtualAlloc
CreateMutexA
EnterCriticalSection
GetModuleHandleW
GetTempFileNameA
OpenSemaphoreA
HeapValidate
QueryPerformanceFrequency
IsDebuggerPresent
ExpandEnvironmentStringsA
FreeLibrary
VirtualFree
GetSystemTimeAsFileTime
OpenMutexA
VirtualProtect
ReleaseMutex
HeapSize
GlobalMemoryStatus
HeapReAlloc
OpenEventA
CreateSemaphoreW
ExpandEnvironmentStringsW
CreateSemaphoreA
PulseEvent
HeapAlloc
CreateEventA
OutputDebugStringA
GetSystemDirectoryA
SleepEx
GetTempPathA
CloseHandle
UnhandledExceptionFilter
ResetEvent
VirtualLock
WaitForSingleObject
WideCharToMultiByte
lstrcpyW
GetModuleHandleA
HeapDestroy
VirtualUnlock
SetUnhandledExceptionFilter
GetSystemInfo
lstrcpyA
GlobalMemoryStatusEx
GetWindowsDirectoryA
DeleteCriticalSection
OpenProcess
HeapFree
LeaveCriticalSection
GetProcessHeap
CompareFileTime
VirtualAllocEx

advapi32

SetSecurityDescriptorSacl
LookupPrivilegeValueA
EqualSid
InitializeSecurityDescriptor
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
InitializeAcl
SetThreadToken
CopySid
GetUserNameA
ImpersonateLoggedOnUser
DuplicateToken
AddAccessAllowedAce
FreeSid
GetLengthSid
AdjustTokenPrivileges
LookupAccountSidA
AllocateAndInitializeSid
RevertToSelf
OpenThreadToken

userenv

GetProfileType
FreeGPOListW
RsopFileAccessCheck
GetDefaultUserProfileDirectoryW
EnterCriticalPolicySection
GetAllUsersProfileDirectoryA
LeaveCriticalPolicySection

objsel

DllRegisterServer
DllUnregisterServer

Sections

.PEwBnFh
Size: 512B - Virtual size: 29KB

IMAGE_SCN_MEM_READ

.eCLb
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_MEM_READ

.qoUpST
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ

.GXtAOIh
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TfYk
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhJS
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rSOuwgr
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YOJWFYs
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sBclk
Size: 512B - Virtual size: 215B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cTUMDE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dnoD
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DamwQOn
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d8d528d57bbbf56b6d889a8afedaa19

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

kernel32

advapi32

userenv

objsel

Sections

.PEwBnFh Size: 512B - Virtual size: 29KB

.eCLb Size: 1024B - Virtual size: 35KB

.qoUpST Size: 1KB - Virtual size: 14KB

.GXtAOIh Size: 2KB - Virtual size: 20KB

.text Size: 17KB - Virtual size: 16KB

.TfYk Size: 2KB - Virtual size: 1KB

.hhJS Size: 1KB - Virtual size: 1KB

.rSOuwgr Size: 2KB - Virtual size: 1KB

.YOJWFYs Size: 512B - Virtual size: 168B

.sBclk Size: 512B - Virtual size: 215B

.cTUMDE Size: 1KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 278KB

.rdata Size: 208KB - Virtual size: 208KB

.dnoD Size: 1024B - Virtual size: 782B

.DamwQOn Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.PEwBnFh
Size: 512B - Virtual size: 29KB

.eCLb
Size: 1024B - Virtual size: 35KB

.qoUpST
Size: 1KB - Virtual size: 14KB

.GXtAOIh
Size: 2KB - Virtual size: 20KB

.text
Size: 17KB - Virtual size: 16KB

.TfYk
Size: 2KB - Virtual size: 1KB

.hhJS
Size: 1KB - Virtual size: 1KB

.rSOuwgr
Size: 2KB - Virtual size: 1KB

.YOJWFYs
Size: 512B - Virtual size: 168B

.sBclk
Size: 512B - Virtual size: 215B

.cTUMDE
Size: 1KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 278KB

.rdata
Size: 208KB - Virtual size: 208KB

.dnoD
Size: 1024B - Virtual size: 782B

.DamwQOn
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB