b5e59e19cae40bc080e1e7153b5c093ec5fe56da3b1fdaad672dd60514af006c

Sharing

Copy URL Twitter E-mail

General

Target

b5e59e19cae40bc080e1e7153b5c093ec5fe56da3b1fdaad672dd60514af006c
Size

2.0MB
MD5

eabca4b626066e460a803221c1ef4e89
SHA1

f90aa227225edf166be5d8028a4340b33fb80b47
SHA256

b5e59e19cae40bc080e1e7153b5c093ec5fe56da3b1fdaad672dd60514af006c
SHA512

23246e4d8e206749df0b7e042c372fee1e68580941a8ae87fe7379a3f76a518712aa090ea5917bbd8f55d4a3195a6be618a015fc6b8c47b5a1f19090b0c76aeb
SSDEEP

24576:NO0W+CR6rZ5CNTKLcotKShxADhYVVPs9/j+J69fSgeKP/lQCofpTHgH6saissYDa:NO0bDdMoLA+J6LeKP/l1ANA2C7Dd7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5e59e19cae40bc080e1e7153b5c093ec5fe56da3b1fdaad672dd60514af006c

Files

b5e59e19cae40bc080e1e7153b5c093ec5fe56da3b1fdaad672dd60514af006c
.exe windows:6 windows x86 arch:x86

0a29ba615b063dbd037ed3c4d7966597

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

comctl32

CreateStatusWindowW
ImageList_Destroy
ImageList_Remove
InitCommonControlsEx
ImageList_Create
ord8
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

closesocket
gethostbyname
ntohl
WSASetLastError
inet_addr
send
inet_ntoa
gethostname
recv
WSAGetLastError
WSACleanup

shlwapi

PathFileExistsW

kernel32

GetFileSize
CreateDirectoryExW
GetFullPathNameW
GetLocalTime
FlushFileBuffers
WideCharToMultiByte
AddDllDirectory
FileTimeToSystemTime
GetFileTime
GetPrivateProfileIntW
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LockResource
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
CopyFileW
DeleteCriticalSection
IsBadWritePtr
GetCommandLineW
SetProcessAffinityMask
GetProcessAffinityMask
SetErrorMode
GetCurrentThreadId
SetCurrentDirectoryW
VirtualAlloc
VirtualFree
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
SetFilePointer
GetFileType
DeleteFiber
ConvertFiberToThread
DeleteFileW
QueryPerformanceCounter
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
RtlUnwind
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetStartupInfoW
RaiseException
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateProcessW
TerminateProcess
GetProcAddress
UnhandledExceptionFilter
LoadLibraryW
WriteFile
GlobalAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileAttributesExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
DecodePointer
TlsAlloc
SetEndOfFile
GetCurrentProcessId
CreateFileW
FindNextFileW
FindFirstFileW
FindClose
lstrcmpW
MultiByteToWideChar
lstrcpyW
lstrcatW
GetPrivateProfileStringW
lstrlenW
GetCurrentProcess
WritePrivateProfileStringW
lstrcpynW
GetTickCount
CreateThread
WaitForMultipleObjects
Sleep
SetFilePointerEx
GetSystemInfo
CloseHandle
GetFileSizeEx
ReadFile
EncodePointer
CompareStringW
LCMapStringW
GetTimeZoneInformation
HeapReAlloc
GetConsoleOutputCP
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenEventW
CreateEventW
ReleaseMutex
CreateMutexW
LoadLibraryExW
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
SystemTimeToFileTime
GetModuleFileNameW
SetUnhandledExceptionFilter
WaitForSingleObject
SetEvent
SetLastError
IsProcessorFeaturePresent
GetLastError
SetEnvironmentVariableW
GetStringTypeW
HeapSize
GetStdHandle
WriteConsoleW

user32

TranslateAcceleratorW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
CheckRadioButton
SendDlgItemMessageW
GetMenuItemInfoW
CheckMenuRadioItem
DestroyWindow
CreateWindowExW
DrawMenuBar
AppendMenuW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
IsWindow
GetDlgItemTextW
GetMenuState
GetMenu
GetDC
CreateDialogIndirectParamW
ReleaseDC
TrackPopupMenu
SetMenuItemInfoW
IsWindowEnabled
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
EnableMenuItem
SetDlgItemInt
GetCursorPos
GetFocus
MessageBoxW
EndDialog
SetWindowTextW
IsDialogMessageW
GetUserObjectInformationW
DispatchMessageW
LoadAcceleratorsW
GetWindowPlacement
UnregisterClassW
IsWindowVisible
DefWindowProcW
CreateDialogParamW
GetMessageW
SetDlgItemTextW
SetFocus
SetDlgItemTextA
GetDlgItem
DialogBoxParamW
EnableWindow
LoadMenuW
GetSubMenu
SetMenuDefaultItem
DestroyMenu
DestroyIcon
LoadImageW
LoadStringW
GetWindowLongW
GetWindowRect
SetWindowPos
ScreenToClient
SendMessageW
GetSystemMetrics
RegisterClassExW
MoveWindow
LoadIconW
LoadCursorW
GetClientRect
GetDesktopWindow
GetParent
GetSysColor
FindWindowW
PostMessageW
IsCharLowerW
CharLowerBuffW
CharUpperBuffW
CharLowerW
IsCharAlphaNumericW
wsprintfW
GetProcessWindowStation
DestroyAcceleratorTable
ShowWindow
SetWindowLongW

gdi32

SetTextColor
GetObjectW
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
SetBkColor
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
AddAccessAllowedAce
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
CopySid
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom

shell32

SHGetFolderPathW
SHCreateItemFromParsingName
SHGetKnownFolderPath
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc

iphlpapi

GetAdaptersInfo

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 158.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a29ba615b063dbd037ed3c4d7966597

Headers

DLL Characteristics

File Characteristics

Imports

ole32

comctl32

version

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

iphlpapi

crypt32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 352KB - Virtual size: 352KB

.data Size: 22KB - Virtual size: 158.7MB

.rsrc Size: 548KB - Virtual size: 547KB

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 352KB - Virtual size: 352KB

.data
Size: 22KB - Virtual size: 158.7MB

.rsrc
Size: 548KB - Virtual size: 547KB

.reloc
Size: 58KB - Virtual size: 57KB