52f0ab438b76009f16b409512358a58f

Sharing

Copy URL Twitter E-mail

General

Target

52f0ab438b76009f16b409512358a58f
Size

421KB
MD5

52f0ab438b76009f16b409512358a58f
SHA1

91aba6b82f70341dace055a10a064877b5a507b1
SHA256

0d2134e846e51aadd03c67a8f2d4d1f92f33ac0fe82638be90cba18066093f4b
SHA512

49f0c61b40f70af8ac8984f0f15b9bf713955684f1450f57a7ad0a31f8b64fb3fdfe330b4c98030bb520c8956847dac0b310b3800548071245c2fbf0d932ea30
SSDEEP

12288:AdpHozak80dGT6mEsjiAL25CS8hHcFGvSo8:oIaymZjy18h8FsSo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52f0ab438b76009f16b409512358a58f

Files

52f0ab438b76009f16b409512358a58f
.exe windows:4 windows x86 arch:x86

ec679cf25971bcd2a448c31cbecaf6be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
HeapSize
GetTempPathW
InterlockedDecrement
GetStringTypeA
DeleteCriticalSection
HeapAlloc
LoadLibraryA
WriteFile
Sleep
GetStringTypeW
CreateNamedPipeA
CompareStringW
GetDateFormatA
VirtualFree
WideCharToMultiByte
GetCommandLineW
GetUserDefaultLCID
HeapCreate
GetCurrentDirectoryA
TlsSetValue
GetLocaleInfoA
HeapDestroy
GetLocaleInfoW
lstrcmpiA
IsDebuggerPresent
GetStartupInfoW
GetTimeZoneInformation
GetProcAddress
EnumSystemLocalesA
GetTimeFormatA
HeapFree
ContinueDebugEvent
GetLastError
GetTimeFormatW
IsValidCodePage
VirtualQuery
SetUnhandledExceptionFilter
IsValidLocale
TlsFree
GetCurrentThread
LCMapStringA
FreeEnvironmentStringsW
GetStdHandle
HeapReAlloc
SetLastError
ExitProcess
EnterCriticalSection
CompareStringA
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
SetConsoleCtrlHandler
GetModuleHandleA
GetOEMCP
LCMapStringW
LeaveCriticalSection
GetCurrentThreadId
TlsGetValue
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetModuleFileNameA
SetEnvironmentVariableA
GetEnvironmentStringsW
MultiByteToWideChar
GetTickCount
InterlockedIncrement
GetACP
GetModuleHandleW
UnhandledExceptionFilter
TlsAlloc
RtlUnwind
GetModuleFileNameW
GetSystemTimeAsFileTime
InterlockedExchange
SetHandleCount
FreeLibrary

wininet

InternetConnectW
FtpRenameFileA
InternetCombineUrlW
HttpEndRequestW
HttpCheckDavCompliance
FindNextUrlCacheContainerW
InternetSetCookieA
HttpSendRequestA
FtpDeleteFileW
DeleteIE3Cache
GopherFindFirstFileA
FindNextUrlCacheEntryExA
InternetOpenUrlA
FtpGetFileW
HttpEndRequestA
HttpSendRequestExW
InternetConnectA
CreateUrlCacheContainerW

gdi32

GetCharacterPlacementW
ModifyWorldTransform
GetKerningPairsW
ColorMatchToTarget
SetTextColor
Chord
GetEnhMetaFileDescriptionW
gdiPlaySpoolStream
DeviceCapabilitiesExW
ResizePalette

comdlg32

GetFileTitleA
ReplaceTextA
ChooseColorA
PageSetupDlgW
LoadAlterBitmap
FindTextA
GetFileTitleW
GetOpenFileNameA
ChooseColorW
GetSaveFileNameA

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec679cf25971bcd2a448c31cbecaf6be

Headers

File Characteristics

Imports

kernel32

wininet

gdi32

comdlg32

Sections

.text Size: 136KB - Virtual size: 136KB

.data Size: 273KB - Virtual size: 283KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 136KB - Virtual size: 136KB

.data
Size: 273KB - Virtual size: 283KB

.rsrc
Size: 10KB - Virtual size: 10KB