05364437a2cc052a0265ad2bec70b628

Sharing

Copy URL Twitter E-mail

General

Target

05364437a2cc052a0265ad2bec70b628
Size

108KB
MD5

05364437a2cc052a0265ad2bec70b628
SHA1

9b21639bb629da8e710b9f3fa3091b4e0424f624
SHA256

5af413b85af85fe91ac3be42645f2632eaae72fd11332f5ed72a2fa6470c70fe
SHA512

12cdcf0badcd2dc6fd1313fcbb1ecb44eca88d6c5c6c545d3830cb9e54ad33aad95cff3f8c4d23464d499355383d69c55312c6aab9c1a6d3add2d35939ad3a5d
SSDEEP

3072:GvdtvtaVO6Itvt3X8v3VDyajZzK3CtVE:GdVpxX8xzK3qE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05364437a2cc052a0265ad2bec70b628

Files

05364437a2cc052a0265ad2bec70b628
.exe windows:4 windows x86 arch:x86

5f61b5136705e35de18a79e3e1c32958

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

kernel32

LCMapStringW
LCMapStringA
FlushFileBuffers
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
GetWindowsDirectoryA
GetVersionExA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
TerminateProcess
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryExA
GetStringTypeA
lstrlenA
GetFileAttributesA
lstrcmpiA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetPrivateProfileStringA
GetTempPathA
GetSystemDirectoryA
Sleep
GetTempFileNameA
FindResourceA
LoadLibraryA
GetShortPathNameA
SetFilePointer
ReadFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetFullPathNameA
HeapDestroy
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
GetEnvironmentVariableA
GetModuleFileNameA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcess
RaiseException
ExitProcess
GetVersion
GetLastError
WideCharToMultiByte
LocalFree
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
VirtualAlloc

user32

EnumWindows
LoadStringA
FindWindowA
GetWindowThreadProcessId
wsprintfA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateGuid
OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
SysAllocString

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f61b5136705e35de18a79e3e1c32958

Headers

File Characteristics

Imports

wininet

urlmon

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 46KB

.sxdata Size: 4KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 46KB

.sxdata
Size: 4KB - Virtual size: 4KB