5162eaaa225d28c2f1c2994267ea94c7

Sharing

Copy URL

Twitter E-mail

General

Target

5162eaaa225d28c2f1c2994267ea94c7
Size

2.3MB
MD5

5162eaaa225d28c2f1c2994267ea94c7
SHA1

ead76cac21c72412888ea6851593415df5ed99fb
SHA256

5db39c0d5f9fffa736647de79dc5f061e20507860f85ef865bb2c934309b470a
SHA512

e66411de2ee7df2a25ef9de7c563cc5517d23ce112dc7bc1a430b141ed46bff7a210620a2cb63162e768714cb8fd8f53a263b122fb990e5bed6b02a9a2a4403d
SSDEEP

49152:UE2pkyDNbpgOMJckiD7bOQWfKltRicwRd6Bgd4M:4nWiDWVfKltRERd6y4M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5162eaaa225d28c2f1c2994267ea94c7

Files

5162eaaa225d28c2f1c2994267ea94c7
.exe windows:4 windows x86 arch:x86

736f5bbe5762db2ae9baf229f2b80102

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

TransparentBlt

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
Shell_NotifyIconW

msi

ord160
ord92
ord195
ord32
ord159
ord118
ord8
ord141
ord88
ord131
ord70
ord137

advapi32

StartServiceW
OpenServiceW
ChangeServiceConfigW
RegSetValueExW
QueryServiceStatus
RegOpenKeyExW
CloseServiceHandle
RegCreateKeyW
RegCloseKey
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW

shlwapi

PathFileExistsW
PathStripToRootW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htons
socket
recv
WSACleanup
inet_addr
send
htonl
connect
WSAStartup
closesocket

kernel32

GetCommandLineW
GetTickCount
GetCurrentProcessId
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetModuleFileNameA
FormatMessageW
LocalFree
GetLastError
InitializeCriticalSection
FindFirstFileW
SetFileAttributesW
CreateMutexW
GetVersionExW
DeleteCriticalSection
GetCurrentDirectoryW
GetSystemDirectoryW
CloseHandle
GetFileAttributesW
VirtualFree
VirtualAlloc
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
FreeResource
LoadLibraryA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
EnterCriticalSection
Sleep
LeaveCriticalSection
CreateProcessW
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileStringW
RemoveDirectoryW
GetDiskFreeSpaceExW
FindNextFileW
FreeLibrary
FindClose
GetProcAddress
lstrcmpW
WideCharToMultiByte
DeleteFileW
GetCurrentThreadId
CopyFileW
WritePrivateProfileStringW
GetWindowsDirectoryW
MoveFileExW
QueryPerformanceFrequency
QueryPerformanceCounter
IsBadReadPtr
IsBadWritePtr
DeleteFileA
TerminateProcess
lstrcatA
OpenProcess
GetACP
Process32FirstW
CreateToolhelp32Snapshot
MoveFileW
RemoveDirectoryA
Process32NextW
WaitForSingleObject
lstrcmpiW
GetStdHandle
HeapReAlloc
HeapCreate
HeapDestroy
GetConsoleMode
GetConsoleCP
ExitProcess
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoW
SetStdHandle
GetProcessHeap
GetVersionExA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapAlloc
HeapFree
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
GetDriveTypeW
LocalAlloc

user32

ReleaseDC
GetWindowDC
GetCursorPos
PostQuitMessage
SetClassLongW
SetFocus
GetFocus
CreateWindowExW
IsWindow
GetDlgItemTextW
KillTimer
LoadCursorW
SetWindowLongW
BringWindowToTop
GetWindowThreadProcessId
CallNextHookEx
EnumWindows
PtInRect
GetDlgCtrlID
OffsetRect
UpdateWindow
SetDlgItemTextW
GetClientRect
DestroyWindow
GetWindowLongW
CreateDialogParamW
GetWindowRect
GetDlgItem
SendMessageW
SetWindowTextW
EnableWindow
GetWindowTextW
ShowWindow
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
GetMessageW
LoadAcceleratorsW
MessageBoxW
DialogBoxParamW
EndDialog
SetTimer
InvalidateRect
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
DestroyIcon
ReleaseCapture
LoadImageW
GetActiveWindow
GetParent
TrackMouseEvent
GetKeyState
DrawIconEx
LoadBitmapW
MapVirtualKeyW
GetDC
SetWindowPos
GetClassNameW
SetCursor
GetWindow
DrawTextW

gdi32

CreateFontW
CreateCompatibleDC
CreateRoundRectRgn
SetBkColor
GetObjectW
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
GetStockObject
DeleteObject
GetTextExtentExPointW
SetTextColor
SetBkMode

ole32

CoUninitialize
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28.4MB - Virtual size: 28.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

736f5bbe5762db2ae9baf229f2b80102

Headers

File Characteristics

Imports

msimg32

shell32

msi

advapi32

shlwapi

version

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 47KB

.rsrc Size: 28.4MB - Virtual size: 28.4MB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 47KB

.rsrc
Size: 28.4MB - Virtual size: 28.4MB