52ec0a028f7d2043751db1154b28db2a

Sharing

Copy URL Twitter E-mail

General

Target

52ec0a028f7d2043751db1154b28db2a
Size

672KB
MD5

52ec0a028f7d2043751db1154b28db2a
SHA1

1a0c1338ab1178df1ed7a68bf2fd31d74b5690da
SHA256

d3acc46b15ce2c30a3ab36cf124d840eec6da6678281fda62175431707aea08a
SHA512

39b9bf9d9a4fa112d2045a3dcb5187fad59cd18e10927044002cde1906d251169495d6830525792fe2c6eaa0a29c313337e1d3e6ed14da377769ce9952aa6498
SSDEEP

12288:0SIPqSY1SYEWxUxIqBV4liHpAsc8Xakoe7N+a5E:OtY1STESbSvuakowN+a5E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52ec0a028f7d2043751db1154b28db2a

Files

52ec0a028f7d2043751db1154b28db2a
.dll windows:4 windows x86 arch:x86

acbd8d739285893f9f62ca1334da3501

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
TerminateThread
CloseHandle
SetEvent
InterlockedIncrement
WideCharToMultiByte
OpenEventW
CreateMutexW
lstrlenA
WaitForSingleObject
CreateEventW
GetLastError
MultiByteToWideChar
InterlockedDecrement
OutputDebugStringW
CreateProcessW
CreateThread
Sleep
GetModuleFileNameW
DebugBreak
GlobalFree
GlobalAlloc
ReleaseMutex
GetLocalTime
GetModuleHandleW
GetDateFormatW
CreateDirectoryW
CopyFileW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
HeapFree
GetProcessHeap
CreateFileW
GetFileSize
ReadFile
LocalAlloc
GetVersionExW
GetTickCount
GetModuleHandleA
FreeLibrary
LockResource
GetCurrentProcess
LoadLibraryW
GetTimeFormatW
GetTempPathW
LoadResource
GetSystemInfo
FormatMessageW
LocalFree
FindResourceA
SetLastError
SizeofResource
OutputDebugStringA
GetVersion
GetSystemTime
OpenProcess
LoadLibraryA
GetFileAttributesW
GetProcAddress
HeapAlloc
GetTempFileNameW
DeviceIoControl
IsBadReadPtr
OpenFile
RemoveDirectoryW
GetModuleFileNameA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
RtlUnwind
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetCPInfo
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
FatalAppExitA
VirtualAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
ResetEvent

user32

CharLowerW
LoadStringW
CharNextW
SetWindowPos
GetActiveWindow
wvsprintfW
GetClassNameW
GetWindowThreadProcessId
GetParent
UnregisterClassA
FindWindowExW
IsRectEmpty
GetDC
GetDesktopWindow
GetSystemMetrics
CopyImage
ReleaseDC
MessageBoxW
CharUpperW

advapi32

CryptGetKeyParam
GetUserNameW
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
SetNamedSecurityInfoW
OpenProcessToken
GetSidSubAuthority
SetTokenInformation
GetLengthSid
DuplicateTokenEx
GetTokenInformation
ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
CryptDeriveKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateInstance
OleRun
CoInitialize
CoUninitialize

oleaut32

SysAllocString
OleLoadPicture
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantInit
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VariantClear
SysFreeString

shlwapi

PathSearchAndQualifyW
PathFileExistsW
PathRemoveFileSpecW

wininet

InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
HttpSendRequestW
InternetOpenW
InternetCloseHandle
DeleteUrlCacheEntryW
InternetCrackUrlW

xpcom

NS_StringSetDataRange
NS_CStringContainerInit
NS_CStringSetData
NS_StringContainerInit2
NS_Alloc
NS_StringContainerFinish
NS_GetServiceManager
NS_GetComponentManager
NS_StringGetData
NS_CStringGetData
NS_GetMemoryManager
NS_StringCopy
NS_CStringContainerFinish

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

iphlpapi

GetAdaptersInfo

gdi32

DPtoLP
CreateBitmap
GetDIBits
StretchBlt
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetMapMode
CreateFontW
CreateDCW
DeleteDC
SetBkColor
SelectObject
GetMapMode
GetObjectW
CreatePatternBrush
BitBlt
DeleteObject

Exports

Exports

NSGetModule

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smiley
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.oex
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

acbd8d739285893f9f62ca1334da3501

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

xpcom

nspr4

version

urlmon

psapi

iphlpapi

gdi32

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 389KB

.smiley Size: 40KB - Virtual size: 36KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 22KB

.oex Size: 44KB - Virtual size: 42KB

.text
Size: 392KB - Virtual size: 389KB

.smiley
Size: 40KB - Virtual size: 36KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 22KB

.oex
Size: 44KB - Virtual size: 42KB