52cd146fbf327ac153d8a45a191b3f0c

Sharing

Copy URL Twitter E-mail

General

Target

52cd146fbf327ac153d8a45a191b3f0c
Size

118KB
MD5

52cd146fbf327ac153d8a45a191b3f0c
SHA1

c306848f700002de2963c78f2ebccd0668c7b3f1
SHA256

70a270c98484a5225a31995b0b983c6b8316d08db975b3e5240bb7db0021581c
SHA512

aa024d46b201bd814479c73980de0cf8c9c4e7c5d0df699443766c208725d97a226c7d0596be0b70a4b03b0a2747c8c429085ef926104f97bfacd325626140a7
SSDEEP

1536:CFVreFBWZ9MkW2BpKp8r3lMyY5s/+hICrLY+XnGTDpplaADGW3L1dc:CFQ7WZ02RvY+WhICrLYpTrlvKh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52cd146fbf327ac153d8a45a191b3f0c

Files

52cd146fbf327ac153d8a45a191b3f0c
.dll windows:4 windows x86 arch:x86

d1f4819453409859975f85980819f836

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlZeroHeap
wcsstr
RtlLargeIntegerSubtract
RtlFindRange
RtlDestroyAtomTable
RtlClearAllBits
RtlDecompressFragment
_itoa
wcsspn
RtlAcquireResourceExclusive
RtlLargeIntegerAdd
RtlGetSaclSecurityDescriptor
_wtoi
NtQueryInformationFile
RtlSetOwnerSecurityDescriptor
NtAlertResumeThread
RtlAppendAsciizToString
RtlCancelTimer
NtDeleteObjectAuditAlarm
RtlLargeIntegerArithmeticShift
RtlDeregisterWaitEx
NtWriteVirtualMemory
RtlpNtMakeTemporaryKey
KiRaiseUserExceptionDispatcher
RtlFindLongestRunClear
wcscpy

kernel32

TlsGetValue
FlushConsoleInputBuffer
InterlockedCompareExchange
GetNamedPipeHandleStateW
WriteProfileSectionW
CompareStringW
InterlockedDecrement
OpenSemaphoreW
ExitProcess
GetPrivateProfileSectionNamesA
CloseConsoleHandle
VirtualAlloc
SetVolumeLabelW
lstrlenA
ConvertThreadToFiber

gdi32

SetSystemPaletteUse
Polygon
GetETM
RestoreDC
OffsetViewportOrgEx
SelectClipRgn
SetDIBitsToDevice
CreatePen
RoundRect
GetRgnBox
GetKerningPairsA
GdiConvertToDevmodeW
ResetDCW
GdiConvertBitmap
bInitSystemAndFontsDirectoriesW
SetMetaRgn
DeleteDC
GetTextFaceA
SetStretchBltMode
GetGlyphOutlineWow
DeleteObject
GetGlyphOutline
GetRegionData
GetFontLanguageInfo
GetEnhMetaFileW
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
GetTextColor
OffsetClipRgn
GetClipBox
PlgBlt
UpdateColors
GdiEntry12
GetEnhMetaFilePaletteEntries
SaveDC
GetRandomRgn
GdiGetLocalFont
GdiConvertRegion

ole32

HWND_UserUnmarshal
WdtpInterfacePointer_UserMarshal
WriteFmtUserTypeStg
HWND_UserSize
CoGetStandardMarshal
CoTaskMemFree
CoFileTimeNow
CoDosDateTimeToFileTime
CoLoadLibrary
HMETAFILEPICT_UserSize
OleCreateEx
SetDocumentBitStg
GetClassFile
CoReleaseMarshalData
EnableHookObject
HPALETTE_UserFree
OleLockRunning

Sections

.text
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1f4819453409859975f85980819f836

Headers

File Characteristics

Imports

ntdll

kernel32

gdi32

ole32

Sections

.text Size: 45KB - Virtual size: 48KB

.data Size: 66KB - Virtual size: 176KB

.adata Size: 3KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 48KB

.data
Size: 66KB - Virtual size: 176KB

.adata
Size: 3KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB