5a63c86085afbaf21bf8a44ce3fc0d7fcea8af6d71fd40ebc437b73612ca644d

Sharing

Copy URL Twitter E-mail

General

Target

5a63c86085afbaf21bf8a44ce3fc0d7fcea8af6d71fd40ebc437b73612ca644d
Size

986KB
MD5

f21e2de2b0e70c23d3cd6515e183458e
SHA1

23e8adcf0207bad6c915213585b9be255e371984
SHA256

5a63c86085afbaf21bf8a44ce3fc0d7fcea8af6d71fd40ebc437b73612ca644d
SHA512

a91ab03d2fd4c60fce63b75a6643fd6917cdfc7688379ee76d15261cfd2698b6f7924d232a30e0750658789132296801ca6845220821f4b28dc0fcba2894e283
SSDEEP

12288:5cSY5uM3bMCfXTt9/toAM14cZxemwsAgzzzUxSDxa4ixhlXGT0PVYlEEv:Gj5uMrMoXTt9tQzlDxHClXKXOEv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a63c86085afbaf21bf8a44ce3fc0d7fcea8af6d71fd40ebc437b73612ca644d

Files

5a63c86085afbaf21bf8a44ce3fc0d7fcea8af6d71fd40ebc437b73612ca644d
.dll windows:5 windows x86 arch:x86

9e3cd2cf31c35e64fe0b991aff831741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetTickCount
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
UnlockFile
GetFileSize
WriteFile
ReadFile
CloseHandle
GetModuleHandleW
CreateFileW
GetFileAttributesExW
DeleteFileW
GetLongPathNameW
CreateThread
SetErrorMode
WaitForSingleObject
Sleep
LockFileEx
GetHandleInformation
OpenMutexW
LoadLibraryExW
CreateProcessW
GetTempFileNameW
GetFullPathNameW
SetFileAttributesW
CopyFileW
MoveFileExW
GetVersionExW
GetModuleFileNameW
WritePrivateProfileStringW
WideCharToMultiByte
GetSystemDefaultUILanguage
GetTempPathW
SetFileTime
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
VirtualAlloc
VirtualFree
LocalFree
SetEvent
WaitForMultipleObjects
CreateEventW
RemoveDirectoryW
InterlockedIncrement
InterlockedDecrement
WritePrivateProfileSectionW
DisableThreadLibraryCalls
GetCurrentThreadId
lstrcmpiW
GetShortPathNameW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
InterlockedCompareExchange
SetThreadPriority
ResumeThread
ReleaseMutex
CreateMutexW
GetCurrentProcess
GetFileSizeEx
SetFilePointer
MapViewOfFile
FormatMessageW
WaitForSingleObjectEx
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
WriteConsoleW
SetEndOfFile
SetConsoleCtrlHandler
FindResourceExW
FindResourceW
SizeofResource
LoadResource
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
LoadLibraryW
GetProcAddress
GetStringTypeW
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SwitchToThread
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
ReadConsoleW
GetACP
GetCurrentThread
GetModuleFileNameA
TlsAlloc
DecodePointer
FreeLibrary
TlsGetValue
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcessId
GetLocalTime
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
SetLastError

user32

PeekMessageW
MsgWaitForMultipleObjects
FindWindowW
SendMessageTimeoutW
IsWindow
UnregisterClassW
CharNextW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
wsprintfW
DispatchMessageW
SetWindowLongW

advapi32

RegCreateKeyExW
CryptReleaseContext
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
ord165

ole32

CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoCreateGuid
StringFromCLSID
OleUninitialize
CoTaskMemFree
OleInitialize

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

shlwapi

PathCombineW
PathIsPrefixW
PathRemoveFileSpecW
PathFindFileNameW
StrCmpIW
UrlEscapeW
SHGetValueW
PathStripToRootW
StrToIntW
UrlCombineW
PathFindExtensionW
StrDupW
StrCmpNIW
UrlGetPartW
PathRenameExtensionW
PathIsDirectoryW
PathFileExistsW
PathAppendW
StrCpyNW
StrStrIW
StrStrW
StrPBrkW
StrCmpNW
StrChrW

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetIpAddrTable

urlmon

URLDownloadToFileW

Sections

.text
Size: 789KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IShareO
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e3cd2cf31c35e64fe0b991aff831741

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

version

iphlpapi

urlmon

Sections

.text Size: 789KB - Virtual size: 788KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 13KB - Virtual size: 21KB

.IShareO Size: 512B - Virtual size: 4B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 789KB - Virtual size: 788KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 13KB - Virtual size: 21KB

.IShareO
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 34KB - Virtual size: 33KB