543b354701bc4e22918a2bd466d0d79f

Sharing

Copy URL

Twitter E-mail

General

Target

543b354701bc4e22918a2bd466d0d79f
Size

755KB
MD5

543b354701bc4e22918a2bd466d0d79f
SHA1

b059abe07b0f48e8d784d678ba0b8774b0d520b4
SHA256

6d568edff91a465da75ef8cf70f9d11b69579c69fd3e0d891f0e55ea77cd03a9
SHA512

3487a526022882abb4ccf5250a6b6b305a03e23098963fd8064eb4e0c76def33fdadcbd434663a8b428af2e2c128288d43312b77cfc91b3ebd55eb0db1fc6b05
SSDEEP

12288:uSnX5K4ByjKx/atLpm1EwtLpm1EEavlKh1IH+199d0wa7RQ6Wu5yVno6tx2kuFML:uSM4BKKNatLpwbtLpw3zIef0wV4yVno

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
543b354701bc4e22918a2bd466d0d79f

Files

543b354701bc4e22918a2bd466d0d79f
.exe windows:10 windows x64 arch:x64

6e6a036bd2def1fb34d19979d5b23ecb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegSetValueExW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

kernel32

GetSystemDirectoryW
LoadLibraryExW
GetProcAddress
FreeLibrary
HeapFree
GetProcessHeap
GetVolumePathNameW
GetLastError
GetModuleHandleW
GetFirmwareType
GetPhysicallyInstalledSystemMemory
GlobalMemoryStatusEx
CreateFileW
ReadFile
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
GetSystemWow64DirectoryW
LeaveCriticalSection
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
InitializeCriticalSection
SetCurrentDirectoryW
LoadLibraryW
FormatMessageW
GlobalLock
GlobalUnlock
GetFileSize
LocalFree
GlobalAlloc
GetComputerNameW
GetCommandLineW
HeapSetInformation
RegisterApplicationRestart
CreateEventW
GetNativeSystemInfo
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetLocaleInfoW
TerminateThread
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
CloseHandle
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
GetVersionExW
DeleteCriticalSection
DnsHostnameToComputerNameW
GetCurrentDirectoryW
EnterCriticalSection
CreateDirectoryExW

gdi32

CreateFontIndirectW
GetObjectW
CreateSolidBrush
SetTextColor
EndDoc
EndPage
StartDocW
CreateFontW
TextOutW
StartPage
GetDeviceCaps
GetTextExtentPoint32W

user32

SetCapture
PtInRect
OffsetRect
InflateRect
DestroyIcon
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
IsWindowEnabled
IsWindowVisible
GetFocus
LoadCursorW
SetCursor
ShowWindow
UpdateWindow
InvalidateRect
ScreenToClient
CopyRect
SetFocus
SetClassLongPtrW
LoadIconW
SetWindowPlacement
SystemParametersInfoW
LoadAcceleratorsW
MoveWindow
GetDCEx
DrawFocusRect
ReleaseDC
IsDlgButtonChecked
LoadStringW
CheckDlgButton
GetSubMenu
SetMenuItemInfoW
PostMessageW
MessageBoxW
LoadMenuW
SetMenu
EmptyClipboard
SetClipboardData
BeginPaint
GetSysColor
ReleaseCapture
GetWindowTextW
SetRect
EnableWindow
CheckRadioButton
SetDlgItemTextW
SetWindowTextW
SendMessageW
GetDlgItem
FillRect
RedrawWindow
EndPaint
PostQuitMessage
CreateDialogParamW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
GetClientRect
KillTimer
SetTimer
DialogBoxParamW
EndDialog
GetWindowRect

mfc42u

ord1586
ord812
ord288
ord1082
ord6127
ord6133
ord6243
ord6577
ord6138
ord2574
ord851
ord6707
ord6704
ord5979
ord1358
ord5927
ord2781
ord5951
ord2785
ord1042
ord1059
ord655
ord4502
ord1383
ord1221
ord628
ord5916
ord917
ord422
ord2461
ord1471
ord287
ord1647
ord3790
ord286
ord1574
ord2427
ord3783
ord1646
ord6887
ord626
ord1040
ord1122
ord1126
ord2975
ord5887
ord4436
ord2629
ord624
ord620
ord6545
ord6226
ord1286
ord2846
ord1284
ord6705
ord6886
ord4473
ord1463
ord2783
ord1259
ord6050
ord1606
ord424
ord919
ord4504
ord1223
ord2845
ord1006
ord420
ord915
ord568
ord1355
ord5950
ord4500
ord1219
ord1381
ord5925
ord3579
ord5914
ord6641
ord4523
ord4521
ord6708
ord1264
ord1262
ord1095
ord2841
ord6216
ord2794
ord6880
ord1483
ord3581
ord366
ord3830
ord5986
ord3221
ord3777
ord2408
ord369
ord622
ord4046
ord2849
ord1287
ord2855
ord2801
ord1124
ord336

msvcrt

memset
??1type_info@@UEAA@XZ
_onexit
memcpy
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
malloc
wcsncpy_s
_vsnwprintf
iswascii
wcstod
_wtol
_wcsupr
free
iswalpha
wcstoul
wcstol
_wcsicmp
swprintf_s
_purecall
_wcsicoll
_wtoi
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
wcscmp

atl

ord30

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation

oleaut32

SysAllocString
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
SysAllocStringLen
SysStringLen
VariantChangeType
SysFreeString

ole32

CoUninitialize
StringFromCLSID
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoCreateGuid
CoCreateInstance

shlwapi

StrFormatByteSizeEx

setupapi

SetupIterateCabinetW

comdlg32

PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW

shell32

CommandLineToArgvW
ShellAboutW

comctl32

InitCommonControlsEx

powrprof

PowerDeterminePlatformRoleEx

slc

SLGetWindowsInformationDWORD

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 396KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e6a036bd2def1fb34d19979d5b23ecb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

atl

ntdll

oleaut32

ole32

shlwapi

setupapi

comdlg32

shell32

comctl32

powrprof

slc

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 7KB - Virtual size: 27KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 396KB - Virtual size: 736KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 7KB - Virtual size: 27KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 396KB - Virtual size: 736KB