541404e28a90bfbee74ff7e601870fa5

Sharing

Copy URL Twitter E-mail

General

Target

541404e28a90bfbee74ff7e601870fa5
Size

2.1MB
MD5

541404e28a90bfbee74ff7e601870fa5
SHA1

3f48d7e87b278eaa0d6c2b3c062aff1b2e29e83b
SHA256

d43398a7bc1a87dbeb94f80b4edba58754f312af2566c5654cab625a00c103b2
SHA512

d73ff7fbfebb8bccdc1e930a9d0c780375b62b15e972265dfa5f6e600472f043e91da3f66d7b8eda21b694efa5cfaad7e0c287e41f8277300772f3b66ff788dd
SSDEEP

49152:Dn0eI3aEL0pVUna6c2G6LmnWDGAiKVth:Dn0eCL0pgYW7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
541404e28a90bfbee74ff7e601870fa5

Files

541404e28a90bfbee74ff7e601870fa5
.exe windows:6 windows x86 arch:x86

e6a822994d4929da677b3e63fc89963f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FindResourceW
LoadResource
CloseHandle
WinExec
LockResource
GetModuleFileNameW
WriteFile
SizeofResource
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseMutex
OpenEventW
SetErrorMode
WaitForMultipleObjectsEx
GlobalAlloc
IsBadWritePtr
IsBadReadPtr
ResetEvent
RaiseException
IsDebuggerPresent
lstrcpynW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
SystemTimeToFileTime
CopyFileW
GetWindowsDirectoryW
GetSystemDirectoryW
GetSystemTime
GetTempPathW
SetEndOfFile
GetFullPathNameW
GetEnvironmentVariableA
GetEnvironmentVariableW
CreateFileW
GetFileSize
DuplicateHandle
HeapAlloc
HeapFree
GetProcessHeap
ReleaseSemaphore
OpenMutexW
CreateSemaphoreW
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
TlsGetValue
FlushInstructionCache
GetSystemInfo
GetTickCount
VirtualAlloc
VirtualFree
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyA
lstrlenA
HeapReAlloc
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
CreateDirectoryW
DeleteFileW
ReadFile
GetLastError
WaitForSingleObject
GetCurrentProcessId
ExitProcess
GetExitCodeProcess
CreateThread
CreateProcessW
GetStartupInfoW
LocalFree
lstrcmpA
lstrcmpiW
lstrcpyW
lstrcatW
lstrlenW
MoveFileW
CreateMutexW
TlsSetValue
SetEnvironmentVariableW
SetCurrentDirectoryW
GetFileAttributesW
SetFilePointer
SetEvent
CreateEventW
Sleep
WaitForMultipleObjects
TerminateProcess
CreateRemoteThread
TerminateThread
OpenProcess
VirtualProtect
VirtualAllocEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
OpenFileMappingW
FindResourceExW
GetModuleHandleA
LoadLibraryExW
LoadLibraryA
EnumResourceNamesW
GetLocaleInfoW
GetSystemDefaultUILanguage
EnumUILanguagesW
AllocConsole
FreeConsole
AttachConsole
SetConsoleTitleW
GetConsoleWindow
SetLastError
RemoveVectoredExceptionHandler
HeapCreate
HeapDestroy
TlsAlloc
TlsFree
GetVersionExW
GetComputerNameW
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentDirectoryW
CreateFileA

user32

EndPaint
BeginPaint
UpdateWindow
PostQuitMessage
LoadCursorW
LoadIconW
TranslateMessage
TranslateAcceleratorW
DispatchMessageW
ShowWindow
LoadStringW
LoadAcceleratorsW
RegisterClassExW
CreateWindowExW
DefWindowProcW
GetMessageW
GetPropW
GetMonitorInfoW
wsprintfW
wsprintfA
MessageBoxW
FindWindowA
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
SetWindowPos
SetTimer
SetPropW
MonitorFromWindow

advapi32

MakeSelfRelativeSD
RegDeleteValueW
OpenProcessToken
EqualSid
RegCreateKeyExW
GetSecurityDescriptorControl
RegCloseKey
RegSetValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegOpenKeyW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegQueryValueExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
IsTokenRestricted
GetTokenInformation
RegDeleteKeyW

ntdll

memset
_chkstk

vcruntime140

__current_exception_context
__current_exception
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_register_onexit_function
_crt_atexit
_set_app_type
terminate
_controlfp_s
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

gdi32

DeleteDC
CreateCompatibleDC
SelectObject
BitBlt

shell32

SHGetFolderPathW

ole32

CoUnmarshalInterface
CoReleaseMarshalData
CoGetClassObject
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoLockObjectExternal
CLSIDFromString
CoFreeUnusedLibraries
CoRegisterSurrogate
CoInitializeEx
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoMarshalInterface
CoInitialize
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

VariantChangeType
VarI4FromStr
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SysFreeString
SysAllocString
RegisterTypeLi
LoadTypeLi

Sections

.text
Size: 834KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6a822994d4929da677b3e63fc89963f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 834KB - Virtual size: 834KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 24KB - Virtual size: 25KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 834KB - Virtual size: 834KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 24KB - Virtual size: 25KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 29KB - Virtual size: 28KB