526074e5c0750bd548e16e04a3e7f56d

Sharing

Copy URL Twitter E-mail

General

Target

526074e5c0750bd548e16e04a3e7f56d
Size

584KB
MD5

526074e5c0750bd548e16e04a3e7f56d
SHA1

ed2f56ba9c89f7134b4f98825960d8bbfe3e1b76
SHA256

87dbaf79405c487ebc0d139a5e78d1bd652bf55cc4670cf3ceb4dc7134b2e383
SHA512

821c7fe6b53cf92e81b168d42d5fe430886eb48033c7902523e525a0ed56814681279f93f18522562228ef8fb53f7431365a271ffc289d9e39a8fb8dc728dae5
SSDEEP

12288:0B3KTi+FfTyCe7RzsuKtlO71EYzXHvd+o2H32HGx5IR5:0B3qi+F7yh7RzsuKt2qQEoEAG5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
526074e5c0750bd548e16e04a3e7f56d

Files

526074e5c0750bd548e16e04a3e7f56d
.exe windows:4 windows x86 arch:x86

c90f3a2a2676d83e1aa90f771daf23c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FrameRect
DefDlgProcA
GetPropA
ShowWindow
CreateWindowExA
GetLastActivePopup
GetWindowLongW
GetKeyboardLayoutNameA
NotifyWinEvent
RegisterWindowMessageA
DefWindowProcW
LoadAcceleratorsA
DialogBoxParamA
EnumDisplayDevicesW
EnumDesktopsW
DrawIcon
GetMenuCheckMarkDimensions
DdeQueryStringA
DestroyWindow
CharUpperA
CloseWindowStation
EmptyClipboard
RegisterClassExA
GetWindowInfo
LookupIconIdFromDirectoryEx
MessageBoxA
AttachThreadInput
EnumPropsA
IntersectRect
SetClassLongW
VkKeyScanA
DrawEdge
UnhookWindowsHookEx
RemoveMenu
RegisterClassA
EnumDisplayDevicesA
RemovePropA
CheckDlgButton
GetUserObjectInformationA
InsertMenuItemA
BroadcastSystemMessageW
GetClipboardData
LoadIconA

gdi32

DeleteDC
GetSystemPaletteUse
DeleteObject
RealizePalette
CreateDCA
GetDeviceCaps
GetObjectA

shell32

SHGetDataFromIDListA
ShellAboutW
FindExecutableW

advapi32

CryptGetUserKey
CryptVerifySignatureW
CryptExportKey
RegEnumValueW
CreateServiceA
CryptSetHashParam
CryptAcquireContextA
LookupSecurityDescriptorPartsA
LookupPrivilegeNameA
CryptGetHashParam
CryptSignHashW
LookupAccountSidA
ReportEventW
InitializeSecurityDescriptor
RegRestoreKeyA
RegSaveKeyW
LogonUserW
RegReplaceKeyA
AbortSystemShutdownA
CryptSetProviderExA
RegSetValueA

comctl32

ImageList_GetImageRect
CreateMappedBitmap
ImageList_DragLeave
ImageList_GetIcon
ImageList_EndDrag
CreatePropertySheetPageA
InitCommonControlsEx

kernel32

IsBadWritePtr
GetLocalTime
SetComputerNameA
OpenFileMappingW
SetPriorityClass
GetProfileSectionA
GetCurrentThreadId
GetStringTypeA
GetFileType
SetCriticalSectionSpinCount
SetFilePointer
MultiByteToWideChar
ReadConsoleInputW
CreateMutexA
GlobalGetAtomNameW
SetCurrentDirectoryA
InterlockedDecrement
WaitNamedPipeW
LocalReAlloc
GetStdHandle
GetFileAttributesA
GetTimeZoneInformation
GlobalFindAtomW
lstrcmpiW
TlsSetValue
WriteConsoleInputW
TerminateProcess
HeapAlloc
DebugBreak
GetPrivateProfileStringW
OpenMutexW
HeapFree
GlobalAddAtomW
HeapDestroy
FreeEnvironmentStringsW
VirtualQuery
FindNextFileA
GetSystemTimeAsFileTime
GetProfileStringW
SetHandleCount
GetNamedPipeInfo
VirtualProtect
GetDateFormatW
GlobalSize
EnterCriticalSection
AllocConsole
HeapCreate
SetEvent
ExitThread
FreeEnvironmentStringsA
VirtualFree
TlsFree
GetModuleFileNameW
CreateProcessA
RtlUnwind
TlsGetValue
TerminateThread
GetWindowsDirectoryW
GetCPInfo
GetModuleHandleA
GetEnvironmentStringsA
LoadResource
GetStartupInfoA
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
ResumeThread
GetACP
GetStartupInfoW
GetSystemTime
WideCharToMultiByte
GetStringTypeW
GetProcAddress
FormatMessageA
RemoveDirectoryA
GetCurrentDirectoryA
GetEnvironmentStrings
LCMapStringA
WriteFile
GetEnvironmentStringsW
DeleteCriticalSection
GetCompressedFileSizeA
CreateEventA
UnhandledExceptionFilter
InterlockedExchange
SetStdHandle
LeaveCriticalSection
CreateMutexW
GetDateFormatA
FindResourceExA
InterlockedIncrement
CloseHandle
GetModuleFileNameA
CompareStringW
GetModuleHandleW
HeapReAlloc
GlobalFix
VirtualAlloc
GetCommandLineW
GetFileAttributesExA
GetCurrentProcessId
OpenWaitableTimerW
ReadFile
CommConfigDialogA
FormatMessageW
LockFileEx
GetCurrentProcess
GetCurrentThread
LCMapStringW
lstrcpyA
GetLastError
TlsAlloc
GetVersion
GetCommandLineA
OpenMutexA
GetPrivateProfileSectionNamesA
OpenProcess
CompareStringA
GetCurrencyFormatA
GetCurrencyFormatW
FlushFileBuffers
DeleteAtom
SetLastError
LoadLibraryA
CopyFileA
FindFirstFileExA
AddAtomA
ExitProcess
CreateNamedPipeA
InterlockedCompareExchange
GetSystemDefaultLangID
GetComputerNameA
SetEnvironmentVariableA
GetCompressedFileSizeW
EnumDateFormatsExW

wininet

HttpQueryInfoW
InternetSetCookieA
RegisterUrlCacheNotification
FtpGetFileEx

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c90f3a2a2676d83e1aa90f771daf23c0

Headers

File Characteristics

Imports

user32

gdi32

shell32

advapi32

comctl32

kernel32

wininet

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 304KB - Virtual size: 300KB

.data Size: 124KB - Virtual size: 150KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 304KB - Virtual size: 300KB

.data
Size: 124KB - Virtual size: 150KB

.rsrc
Size: 20KB - Virtual size: 16KB