52fead76d79c7cfadfb09beb592cb44e

Sharing

Copy URL Twitter E-mail

General

Target

52fead76d79c7cfadfb09beb592cb44e
Size

874KB
MD5

52fead76d79c7cfadfb09beb592cb44e
SHA1

95c0843f2ea6d050e1f9c7dc5ce773c6bc2b4396
SHA256

ddeffd3b06e688b19f5d34ecd3ac470628a38fba7bf50843c32823b1267bb96b
SHA512

2c3c9a43ec1eb119295ba730a2f16d7f74cbd21bad75fb12bcf461dfa1e124e2d76821d10e1e739979cbec130c2152f058c9d29c657777efdb27fab05bb328e7
SSDEEP

12288:DmH5gJk5VZQR6qAQEwybDWYgeWYg955/155/IcCfVJqO7LOAOnNtMCo8dlqB/e:DqeyfQrAQEtbVfVJqO/fOn3Vq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52fead76d79c7cfadfb09beb592cb44e

Files

52fead76d79c7cfadfb09beb592cb44e
.exe windows:6 windows x64 arch:x64

e9087e06bd6f1ca5691ba13805edf527

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW
GetTokenInformation
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
GetUserNameA
ConvertSidToStringSidA

kernel32

FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTitleA
GetStdHandle
CreateFileW
CloseHandle
FillConsoleOutputAttribute
GetConsoleWindow
SetConsoleCursorPosition
Sleep
DeleteFileW
GetModuleFileNameA
Process32First
VirtualProtect
HeapFree
GetCurrentProcess
InitializeCriticalSectionEx
HeapSize
CreateToolhelp32Snapshot
GetLastError
Process32Next
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
Beep
LocalFree
DeleteCriticalSection
GetProcessHeap
OutputDebugStringA
WaitForSingleObject
CreateFileA
GetCurrentThread
CreateThread
GetThreadContext
GetCurrentProcessId
IsDebuggerPresent
GetExitCodeProcess
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
RtlVirtualUnwind
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadFile
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
GetFileSizeEx
CreateProcessW
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualAlloc
GetSystemInfo
LoadLibraryExW
FreeLibrary
TlsFree
FormatMessageA
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
GetStartupInfoW
OutputDebugStringW
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
RtlUnwind

user32

ShowWindow
SetCursorPos
GetSystemMetrics
SetWindowLongA
GetWindowLongA
GetWindowRect
SetWindowPos
MessageBoxA
GetAsyncKeyState
BlockInput

winhttp

WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpSetOption
WinHttpOpenRequest
WinHttpReceiveResponse

userenv

UnloadUserProfile

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

urlmon

URLDownloadToFileA

ntdll

RtlCaptureContext
RtlLookupFunctionEntry

Sections

.text
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9087e06bd6f1ca5691ba13805edf527

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

winhttp

userenv

rpcrt4

urlmon

ntdll

Sections

.text Size: 531KB - Virtual size: 531KB

.rdata Size: 297KB - Virtual size: 297KB

.data Size: 15KB - Virtual size: 31KB

.pdata Size: 22KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 531KB - Virtual size: 531KB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 15KB - Virtual size: 31KB

.pdata
Size: 22KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 5KB