5354e89124faacb87e6bc594c7ca398c

General

Target

5354e89124faacb87e6bc594c7ca398c
Size

388KB
MD5

5354e89124faacb87e6bc594c7ca398c
SHA1

0c6519b4a0129b37bc09e74793e20d969ef6f849
SHA256

dd112e1a0b7dcb18c3c586419bd45fb0de733b4fd52fb49d80a16052de8d5f2a
SHA512

26a7758ed34ab0e6daffd374a43340e85fb11b8a0400908bd199ebfc4433364469be668f870a355a9082d4230e38b7dfc453bb82ebb6da6fa88dbb473d77ba36
SSDEEP

6144:2WTuI6QnTfDFAWiqdQEZMMBTa0IqHPMhaugfUEKJyGbjyCN/QIoMfn4W8byP:RfTJIEZZBTdIqHPMwAjJnbjyEGMf4Fb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5354e89124faacb87e6bc594c7ca398c

Files

5354e89124faacb87e6bc594c7ca398c
.exe windows:4 windows x86 arch:x86

715b006e116d405daf26f249087b2096

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPath
SetICMMode
ColorCorrectPalette

shell32

ExtractAssociatedIconExA
SHGetDiskFreeSpaceA
RealShellExecuteExA
SHBrowseForFolderA
SHFileOperationW
SheChangeDirA
FindExecutableW
DragQueryPoint
ExtractIconW
DoEnvironmentSubstW
DragAcceptFiles
ShellExecuteExW
ShellAboutA
CommandLineToArgvW
SHAppBarMessage

wininet

InternetGetConnectedStateExA
HttpAddRequestHeadersW
HttpSendRequestA
FtpRemoveDirectoryW
IncrementUrlCacheHeaderData
InternetSecurityProtocolToStringW
FindNextUrlCacheGroup

advapi32

StartServiceA
RegSetValueW
CryptAcquireContextW
InitiateSystemShutdownW
DuplicateTokenEx
LookupAccountNameW
ReportEventW
CryptEnumProviderTypesW
RegConnectRegistryA
GetUserNameA
RegDeleteKeyA
CryptDuplicateKey
CryptEnumProvidersA
RegRestoreKeyW
CryptSetKeyParam
LookupPrivilegeValueA
CryptSignHashA

kernel32

GetCurrentThreadId
QueryPerformanceCounter
GetModuleFileNameA
VirtualQuery
GetTempPathA
LeaveCriticalSection
GetFileAttributesExA
LoadLibraryA
FindNextFileA
GetModuleHandleA
GetSystemTimeAsFileTime
ExitProcess
SetConsoleTitleW
GetProcAddress
HeapReAlloc
TerminateProcess
VirtualAlloc
CompareStringA
HeapAlloc
GetCurrentProcessId
GetCurrentProcess
HeapFree
GetTickCount
InterlockedExchange
MapViewOfFile
GetACP
GetEnvironmentVariableA
RtlUnwind
GetExitCodeThread
lstrcmpiA

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

715b006e116d405daf26f249087b2096

Headers

File Characteristics

Imports

gdi32

shell32

wininet

advapi32

kernel32

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 262KB - Virtual size: 261KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 262KB - Virtual size: 261KB

.rsrc
Size: 13KB - Virtual size: 13KB