5187abfd34fe7dcee16b8ec6c4ba2322

Sharing

Copy URL Twitter E-mail

General

Target

5187abfd34fe7dcee16b8ec6c4ba2322
Size

78KB
MD5

5187abfd34fe7dcee16b8ec6c4ba2322
SHA1

ba50fb5da9fb10508a7da7975e87af337117f2a6
SHA256

d3624ad3f1c241744dc65035dafffccf8bc6bcee264809d431e5474c220c4cce
SHA512

f12efa421034b96aa5045819d46a24c12c4b5ee6588fe5a7f54a8f8db84676f803c624b035f539256ef5e1afdec67a4ca45bbcfbeb0596564423271f2c091c31
SSDEEP

1536:f3sT2RFnW8W3dmalWFWzV6WnXQFrWWfxkcdk6xd4mL5aOn:bFW8WYFhiJW/dk6x2mL5aw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5187abfd34fe7dcee16b8ec6c4ba2322

Files

5187abfd34fe7dcee16b8ec6c4ba2322
.exe windows:5 windows x86 arch:x86

b3923695f56762193e3fa1f0e428f3f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
CreateFileA
GetLastError
ReadFile
LockResource
LoadResource
FindResourceA
SetLastError
CloseHandle
GetCurrentThreadId
RaiseException
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
DeleteFileA
InitializeCriticalSection
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
CreateProcessA
OpenEventA
CreateEventA
lstrcpyA
lstrcatA
lstrlenA
lstrcmpA
lstrlenW
lstrcpynA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
HeapSize
HeapReAlloc
HeapCreate
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
VirtualProtect
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
IsValidCodePage

user32

wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
CreateDialogParamA
DefWindowProcA
RegisterWindowMessageA
CharNextA
UnregisterClassA
KillTimer
SetTimer
SetWindowLongA
DestroyWindow
PeekMessageA

advapi32

RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsA

rasapi32

RasGetEntryDialParamsA
RasSetEntryDialParamsA
RasSetEntryPropertiesA
RasHangUpA
RasGetConnectStatusA
RasEnumDevicesA
RasGetEntryPropertiesA
RasEnumConnectionsA
RasDialA

urlmon

URLDownloadToFileA

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3923695f56762193e3fa1f0e428f3f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rasapi32

urlmon

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB