0055891b981c2fe92eb2ba82efd1b2ba

Sharing

Copy URL Twitter E-mail

General

Target

0055891b981c2fe92eb2ba82efd1b2ba
Size

426KB
MD5

0055891b981c2fe92eb2ba82efd1b2ba
SHA1

5dce58502e8144ed4e1fe4699c683fbaf0cf4c52
SHA256

f4b4cee301d4466cd08cd8e11548432c863ab3969470041c2c72d2f003204155
SHA512

3c3773c198401b1c7a7689e34923baf9b2eb29bbe1079f9f6520cf1a4102cc1cb29425ca23e67fe542d965c34721f038d1a40594df569ceb8dc2ef48cb10fec2
SSDEEP

12288:z4Iwn/L0cFu+lCSGm6kd/05o3vGnaU4FV0rkk3Wg:kVL0cFuuCpkd/05o3vsa2N3X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0055891b981c2fe92eb2ba82efd1b2ba

Files

0055891b981c2fe92eb2ba82efd1b2ba
.exe windows:4 windows x86 arch:x86

d45cfe5189c6958e5212c19c50209d18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
TlsGetValue
GetModuleFileNameA
GlobalFindAtomW
GetProcAddress
LoadLibraryA
VirtualQuery
GetCurrentProcessId
TlsAlloc
HeapAlloc
GetVersionExA
ReadConsoleW
IsValidLocale
CompareFileTime
GetEnvironmentStrings
GetCPInfo
EnumSystemLocalesA
HeapFree
LeaveCriticalSection
GetOEMCP
SetHandleCount
GetStringTypeW
InterlockedExchange
FreeEnvironmentStringsA
ExitProcess
IsValidCodePage
RtlUnwind
RemoveDirectoryW
GetLastError
WriteFile
MoveFileA
DeleteCriticalSection
SetEnvironmentVariableA
LCMapStringW
WideCharToMultiByte
GetStringTypeA
TlsFree
HeapDestroy
GetCurrentProcess
CompareStringW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LockResource
GetSystemInfo
HeapSize
SetLocaleInfoA
InitializeCriticalSection
IsBadWritePtr
GetTimeFormatA
WritePrivateProfileStringA
GetCurrentThread
GetEnvironmentVariableA
MultiByteToWideChar
LCMapStringA
TlsSetValue
HeapReAlloc
GetFileType
TerminateProcess
UnhandledExceptionFilter
GetDateFormatA
LoadModule
GetLocaleInfoA
GetCommandLineA
GetUserDefaultLCID
SetConsoleMode
GetTickCount
GetACP
GetProcAddress
SetLastError
CompareStringA
EnterCriticalSection
HeapCreate
GetLogicalDriveStringsA
GetCurrentThreadId
GetStartupInfoA
VirtualProtect
GetModuleHandleA
GetTimeZoneInformation
GetPrivateProfileStringA
GetLocaleInfoW
GetThreadPriorityBoost
GetFileSize
FreeEnvironmentStringsW
VirtualAlloc
VirtualFree
GetUserDefaultLangID

comdlg32

FindTextA
GetFileTitleW

gdi32

CreateBitmap
CreateBrushIndirect
GetDIBits
SetGraphicsMode
MoveToEx
GetDIBColorTable
SetColorSpace
EnumObjects
Rectangle
EnumFontFamiliesW
Escape
GetColorSpace
EnumEnhMetaFile
GetWindowExtEx
DeviceCapabilitiesExA
GetCurrentPositionEx
EnumFontFamiliesExA
ColorMatchToTarget
SelectClipPath
OffsetWindowOrgEx
GdiPlayJournal
PolyTextOutW
SetBitmapDimensionEx

advapi32

CryptGenKey
CryptSetKeyParam
GetUserNameW
RegLoadKeyW
CryptReleaseContext
RegEnumValueA
CryptSetProviderExW
RegRestoreKeyW
RegSetValueW
StartServiceA
RegLoadKeyA
RegQueryValueA
RegSaveKeyW
RegSetValueA
RegEnumValueW
RegQueryValueExW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d45cfe5189c6958e5212c19c50209d18

Headers

File Characteristics

Imports

kernel32

comdlg32

gdi32

advapi32

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 8KB - Virtual size: 22KB

.data Size: 277KB - Virtual size: 276KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 8KB - Virtual size: 22KB

.data
Size: 277KB - Virtual size: 276KB

.rsrc
Size: 11KB - Virtual size: 11KB