519e22a63c37fb5bc8d34a7ef4165d68

Sharing

Copy URL Twitter E-mail

General

Target

519e22a63c37fb5bc8d34a7ef4165d68
Size

104KB
MD5

519e22a63c37fb5bc8d34a7ef4165d68
SHA1

e520e43fe7793a42ef87cae2ef71029ed2694efd
SHA256

3a35cd22ceeebeb2f3a2fa63424c3ff5b05de617918eb6b68b692bff1f381df9
SHA512

e444870d263767a04c5781b104b1a7a888007fbcd5cc849439cd4295f06cf892fe3821db2e76212e1e80b33da08d04d88f28cb0bdcb7ff43b3fb270f3fa96798
SSDEEP

1536:X3kD8Saj7OqhiKPbuWpu1TpAaVtfWHEkxbbz4mncV2H6EN:XvSe7OqhiKTrYpAaVly7xbbzYVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
519e22a63c37fb5bc8d34a7ef4165d68

Files

519e22a63c37fb5bc8d34a7ef4165d68
.exe windows:6 windows x86 arch:x86

a1b13ac7fd73f537f173be4339ac7120

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetLastError
CloseHandle
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapSetInformation
GetCurrentProcess
SetPriorityClass
GetCommandLineW
GetModuleHandleW
LocalFree
UnhandledExceptionFilter
LocalAlloc
OutputDebugStringA

msvcrt

wcscpy_s
_controlfp
_snwprintf_s
_vsnwprintf_s
_vsnwprintf
??0exception@@QAE@ABQBD@Z
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
memcpy_s
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
__CxxFrameHandler3
memcpy
swscanf_s
memset
memmove_s
__p__commode

ntdll

NtOpenProcess
NtReadVirtualMemory
RtlCompareMemory
NtWriteVirtualMemory
RtlNtStatusToDosError
WinSqmSetDWORD
WinSqmStartSession
WinSqmEndSession

ole32

CoTaskMemFree

credui

CredUIPromptForWindowsCredentialsW

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetValidatePasswordPolicy

advapi32

TraceMessage

user32

LoadStringW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fqeqhmx
Size: 27KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxmyght
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1b13ac7fd73f537f173be4339ac7120

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

ole32

credui

shell32

netapi32

advapi32

user32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 30KB

fqeqhmx Size: 27KB - Virtual size: 32KB

gxmyght Size: - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 30KB

fqeqhmx
Size: 27KB - Virtual size: 32KB

gxmyght
Size: - Virtual size: 4KB