55c4f3be199405f86acd4edadebd0134

Sharing

Copy URL Twitter E-mail

General

Target

55c4f3be199405f86acd4edadebd0134
Size

97KB
MD5

55c4f3be199405f86acd4edadebd0134
SHA1

f401275e0296c8e98969c326a22cea7e74e626c2
SHA256

eafd016b2a9c6cd514b039909614bc53b5bda78ea52e44904cbdefc70b9b2686
SHA512

37c707a94ef87c6361c67b3f8d3891e5384bd31fa56ee678f1a433e15f1bdc8ad37124b66f768723736320095eeb4a69b38157272ce521d2f19c64f282d7b6eb
SSDEEP

1536:CE/QK0R0SFBe6Ozt7UlGJOrFb8C3VWWKuUewn0kiJXfpDl92gFiijp5bZWsh:xz0KSfe6OztfJOxbToQnTv/jp5b3h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55c4f3be199405f86acd4edadebd0134

Files

55c4f3be199405f86acd4edadebd0134
.exe windows:4 windows x86 arch:x86

32b3c615977fdea1b3216c816520f4cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegEnumKeyExW
RegCreateKeyExW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCloseKey
AccessCheckByTypeAndAuditAlarmA
RegQueryValueExW
ObjectDeleteAuditAlarmA
RegDeleteValueA
CloseServiceHandle
GetTokenInformation
AddAccessAllowedAce
AllocateAndInitializeSid
RegDeleteKeyA
RegQueryInfoKeyW
RegCreateKeyExA
RegEnumValueW
GetLengthSid
RegDeleteKeyW
ObjectDeleteAuditAlarmW
FreeSid
RegDeleteValueW
InitializeSecurityDescriptor
RegOpenKeyExW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
RegEnumKeyExA
ObjectCloseAuditAlarmW
ObjectCloseAuditAlarmA
RegQueryValueExA
RegSetValueExA

comdlg32

ChooseFontA
GetOpenFileNameA
dwLBSubclass
PrintDlgA
WantArrows
PrintDlgExA
dwOKSubclass
FindTextA
CommDlgExtendedError
LoadAlterBitmap
ReplaceTextA
GetFileTitleA
ChooseColorA
PageSetupDlgA
GetSaveFileNameA

kernel32

LocalFree
CreateFileA
WriteConsoleW
InitializeCriticalSection
LockResource
WriteProfileStringA
VirtualAlloc
GetCurrentProcessId
GetCurrentProcess
LeaveCriticalSection
ExitProcess
LoadLibraryA
InterlockedDecrement
GetCurrentThreadId
WritePrivateProfileStringA
MultiByteToWideChar
WritePrivateProfileSectionA
TerminateProcess
WideCharToMultiByte
SizeofResource
EnterCriticalSection
GetTickCount
FindResourceA
GetLastError
GetProcAddress
CloseHandle
Sleep
LoadResource
QueryPerformanceCounter
FreeLibrary
InterlockedIncrement
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteProfileSectionW
DeleteCriticalSection

ws2help

WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseHandleHelper
WahCloseThread
WahCompleteRequest

msvcrt

_chdir
_cabs
_assert
__threadid
_cgetws
_close
_cgets
_atoi64
_access
_atoldbl
__doserrno
__set_app_type
_c_exit
_chgsign
_beep

user32

EndDialog
DestroyWindow
MessageBoxA
GetClientRect
ReleaseDC
GetDlgItem
GetSystemMetrics
BeginPaint
GetDC
TranslateMessage
ShowWindow
wsprintfA
GetParent
ArrangeIconicWindows
GetWindowRect
AnimateWindow
LoadStringW
EnableWindow

oleaut32

SysFreeString
VariantCopyInd
VariantClear
VariantCopy
SysAllocStringLen
SysStringByteLen
SafeArrayCreate
GetActiveObject
SysAllocStringByteLen
SysReAllocStringLen

ws2_32

closesocket
bind
accept
socket
WSAStartup
setsockopt
WSALookupServiceNextA
listen
WSACleanup
send

ole32

CoCreateObjectInContext
CLSIDFromProgID
CLSIDFromProgIDEx
BindMoniker
CoCreateInstanceEx
CLSIDFromOle1Class
PropVariantChangeType
CLIPFORMAT_UserFree
CLIPFORMAT_UserUnmarshal
CoCreateInstance
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal

Sections

BSS
Size: - Virtual size: 92KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32b3c615977fdea1b3216c816520f4cf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comdlg32

kernel32

ws2help

msvcrt

user32

oleaut32

ws2_32

ole32

Sections

BSS Size: - Virtual size: 92KB

CODE Size: 2KB - Virtual size: 2KB

DATA Size: 86KB - Virtual size: 85KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 92KB

CODE
Size: 2KB - Virtual size: 2KB

DATA
Size: 86KB - Virtual size: 85KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB