435272be6c99c479ca2ed92b8dc260934898ea86d6561ca3405504b86ee4c1a2

Sharing

Copy URL Twitter E-mail

General

Target

435272be6c99c479ca2ed92b8dc260934898ea86d6561ca3405504b86ee4c1a2
Size

2.7MB
MD5

5d8e65202e181f1a88fd1f449fbf46dc
SHA1

3ea16b1c1fa8db574ee39a35a914c252564ff2ac
SHA256

435272be6c99c479ca2ed92b8dc260934898ea86d6561ca3405504b86ee4c1a2
SHA512

551d988fa8b4caa17d947fcd75745326ec393bf86b726c37d640e8ad8dea6dd043d8e6bf2e2170be12720bae689bf46e06b46db8ae87bd9d4d91bb4de6f0b25d
SSDEEP

24576:/qluGT6azI45QnhlGACZ+Tbc0c8yMrKX6amLdCTn5pVbkvjhavLXutSWm+Pb1zlI:o9DMgBnn+0d0TSW3GPxZS3yrGc3WG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
435272be6c99c479ca2ed92b8dc260934898ea86d6561ca3405504b86ee4c1a2

Files

435272be6c99c479ca2ed92b8dc260934898ea86d6561ca3405504b86ee4c1a2
.exe windows:5 windows x86 arch:x86

0055545255402ba7155f3365a13a69cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptAcquireContextW
CryptGetKeyParam
CryptDestroyKey
RegisterEventSourceW
ReportEventW
CryptGenRandom
CryptSetHashParam
DeregisterEventSource
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptSignHashW
CryptEnumProvidersW

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString

user32

CharUpperW
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

kernel32

FindClose
DeleteCriticalSection
DeleteFileA
FindNextFileW
RemoveDirectoryW
DeleteFileW
lstrcmpiW
MoveFileExW
CopyFileW
MoveFileW
GetProcAddress
LoadLibraryW
GetFileAttributesW
CompareFileTime
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
GetFileInformationByHandle
GetStdHandle
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetTickCount
GetModuleHandleW
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
SetFileAttributesW
GetModuleHandleA
VirtualAlloc
VirtualFree
OutputDebugStringA
GetTempPathA
GetWindowsDirectoryA
FindFirstFileExW
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
GetCurrentProcess
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
InitializeCriticalSection
GetFileType
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
MoveFileExA
WaitForSingleObject
GetSystemTime
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
GetFullPathNameW
CreatePipe
GetExitCodeProcess
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
ReadConsoleW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
SetFilePointerEx
LoadLibraryA
GetFileAttributesExW
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateProcessA
DuplicateHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
RaiseException
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
FindFirstFileW
FormatMessageA
FreeLibrary
LocalFree
GetLastError
LoadLibraryExA
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
WaitForSingleObjectEx
FormatMessageW
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
SetEvent
ResetEvent

shell32

SHCreateDirectoryExW

dbghelp

SymInitialize
SymFromAddr
UnDecorateSymbolName
SymCleanup
SymSetOptions

ws2_32

listen
accept
sendto
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
__WSAFDIsSet
select
htonl
ioctlsocket
gethostname
ntohl
shutdown
getnameinfo
recvfrom
freeaddrinfo

wldap32

ord41
ord208
ord73
ord117
ord14
ord46
ord219
ord145
ord26
ord27
ord127
ord216
ord301
ord147
ord133
ord79
ord142
ord167

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreA

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0055545255402ba7155f3365a13a69cd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

oleaut32

user32

kernel32

shell32

dbghelp

ws2_32

wldap32

crypt32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 567KB - Virtual size: 566KB

.data Size: 23KB - Virtual size: 104KB

.gfids Size: 1024B - Virtual size: 620B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 280KB - Virtual size: 280KB

.reloc Size: 87KB - Virtual size: 87KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 567KB - Virtual size: 566KB

.data
Size: 23KB - Virtual size: 104KB

.gfids
Size: 1024B - Virtual size: 620B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 280KB - Virtual size: 280KB

.reloc
Size: 87KB - Virtual size: 87KB