f5da271566a5e2e4586fd9448f24bda2

Sharing

Copy URL Twitter E-mail

General

Target

f5da271566a5e2e4586fd9448f24bda2
Size

107KB
MD5

f5da271566a5e2e4586fd9448f24bda2
SHA1

3684777821c6849ed167de262e2f8c09093ae0aa
SHA256

d3ac75a3319529a6a3fc075bde51e2b6ecc6c6bfc70fde34f12df262b56fb48c
SHA512

d9cbfb5c75d4230f29acd1a2e2bfad52774fe560dd26cae4ebfa63cbefe6d1691f001278b13621fc9e3f87aef43855f80e7eba6fb9feb77659bb1fe15f0cc5fa
SSDEEP

1536:4LfbWpzPk2YcCZIpkrVleeGJf58loi7fyKKpLh29cLjy4eAQhLI93lrrWpazapzn:uY7pZ67GJhUowK84ySvfapa2pzO0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5da271566a5e2e4586fd9448f24bda2

Files

f5da271566a5e2e4586fd9448f24bda2
.exe windows:4 windows x86 arch:x86

918a5080866572a7d9844f7b7f121914

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualUnlock
CreateThread
GetSystemTimeAsFileTime
GlobalUnlock
GlobalLock
SetLastError
LoadLibraryExW
GetProcessHeap
GlobalHandle
Sleep
GetTickCount
SetEvent
TerminateProcess
InterlockedExchange
CreateFileW
EnterCriticalSection
LCMapStringW
ReleaseMutex
LoadLibraryW
CloseHandle
HeapSetInformation
WaitForSingleObject
VirtualLock
GetThreadLocale
SizeofResource
LoadResource
GetModuleFileNameW
lstrcmpW
GetProcessVersion
MultiByteToWideChar
GetCurrentProcess
GetTempPathW
HeapFree
GetVersionExW
lstrlenW
lstrlenA
QueryPerformanceCounter
ExitProcess
OpenProcess
CreateEventW
IsDebuggerPresent
CreateMutexW
GetLastError
LockResource
UnhandledExceptionFilter
LocalFree
GetSystemInfo
GetProcAddress
HeapSize
VirtualAlloc
GetLocaleInfoW
LoadLibraryA
GetLocaleInfoA
WideCharToMultiByte
GetComputerNameW
GetCurrentThreadId
GlobalAlloc
GetStartupInfoW
GetProcessId
HeapAlloc
RaiseException
IsProcessorFeaturePresent
GetACP
LocalAlloc
FindResourceExW
VirtualFree
InitializeCriticalSection
MulDiv
InterlockedCompareExchange
GetSystemDirectoryW
HeapDestroy
ResetEvent
LeaveCriticalSection
FreeLibrary
SetUnhandledExceptionFilter
FormatMessageW
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
ProcessIdToSessionId
GlobalFree
FindResourceW
FlushInstructionCache
WaitForMultipleObjects
DeleteCriticalSection
GetVersionExA
GetModuleHandleW

ole32

CoInitializeEx
CoTaskMemAlloc
OleUninitialize
CLSIDFromString
CoInitializeSecurity
OleLockRunning
CoSetProxyBlanket
CoUninitialize
CoGetClassObject
CoAllowSetForegroundWindow
OleInitialize
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CoCreateGuid

gdiplus

GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdipCreateBitmapFromFile
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipFree
GdiplusShutdown
GdipCreateBitmapFromFileICM

wtsapi32

WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification

gdi32

GetDeviceCaps
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC
GetObjectW

secur32

GetUserNameExW

shlwapi

PathCombineW
UrlCanonicalizeW
UrlApplySchemeW
UrlGetPartW
UrlCombineW
PathAppendW

ddraw

DirectDrawCreate
DirectDrawEnumerateA
DirectDrawCreateEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetUserEnum
NetLocalGroupAddMembers
NetUserAdd
NetUserGetLocalGroups
NetApiBufferFree
NetWkstaUserGetInfo
NetUserDel
NetGetJoinInformation

crypt32

CryptUnprotectData
CryptProtectData

shell32

SHAppBarMessage
FindExecutableW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

918a5080866572a7d9844f7b7f121914

Headers

File Characteristics

Imports

kernel32

ole32

gdiplus

wtsapi32

gdi32

secur32

shlwapi

ddraw

version

netapi32

crypt32

shell32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 36KB - Virtual size: 35KB

.rsrc Size: 1024B - Virtual size: 204KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 204KB