Static task: static1
Behavioral task: behavioral1 (sample 5618f391bcef63150da02def2a478c8a.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 5618f391bcef63150da02def2a478c8a.exe, resource win10v2004-20231215-en)
General
Target: 5618f391bcef63150da02def2a478c8a
Size: 320KB
MD5: 5618f391bcef63150da02def2a478c8a
SHA1: 36e0f574a84caf01c5c30ecd89046c4154fa877a
SHA256: 4a369cf8a15dac74b495bbd2041e6f4f08f888ceccedb88a9f834f1aceb68d72
SHA512: b4348a98db17c02b0d638aa7ca1f0974b019d6c20c967bd2a205c4e4aed61c7ca25d6d8658210c10814496d259718587767c5b55403ee9eb3a4d5c691f2cff61
SSDEEP: 6144:tPxsvRrpsrc9R+pNFlM0dBXy8sHZbmkbS6fNHekkx9AGghyCDh:tPxsJrpsWgNrMgXy8mZbCMN3knAGU
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature; no signature blob is attached to this file. Resource: 5618f391bcef63150da02def2a478c8a
An absent signature is a weak indicator on its own. Note that the import table below includes wintrust!WinVerifyTrust and the crypt32 certificate-chain APIs, so the binary carries signature-verification code of its own.
Files
5618f391bcef63150da02def2a478c8a.exe (windows:4 windows x86 arch:x86)
a697bd351a8e98aabd4e8c8dd144c20d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetCloseHandle
urlmon
URLDownloadToFileW
secur32
GetComputerObjectNameW
shell32
SHCreateDirectoryExW
userenv
ExpandEnvironmentStringsForUserW
ole32
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
user32
PeekMessageW
DispatchMessageW
GetSystemMetrics
GetMessageW
MsgWaitForMultipleObjects
TranslateMessage
PostThreadMessageW
wintrust
WinVerifyTrust
kernel32
GetSystemInfo
LocalAlloc
ReadFile
CancelWaitableTimer
HeapFree
WideCharToMultiByte
GetCommandLineA
EnterCriticalSection
GetCurrentThreadId
IsDebuggerPresent
MoveFileExW
HeapSize
GetTempFileNameW
GetCurrentDirectoryW
RaiseException
GlobalFree
GetACP
FindResourceW
CreateFileMappingW
GetUserDefaultLCID
CreateFileW
GetSystemDirectoryW
IsProcessorFeaturePresent
EnumSystemLocalesA
CloseHandle
Process32FirstW
WaitForSingleObject
RtlUnwind
WriteConsoleW
SetStdHandle
GetFileType
WriteFile
GetConsoleCP
CreateDirectoryW
CreateToolhelp32Snapshot
Process32NextW
HeapReAlloc
FormatMessageW
FlushFileBuffers
DeleteCriticalSection
GetConsoleMode
LeaveCriticalSection
GetFileAttributesExW
SetWaitableTimer
TlsAlloc
MapViewOfFile
RemoveDirectoryW
TlsGetValue
LoadResource
SetFilePointer
IsValidCodePage
LocalFree
GetOEMCP
HeapAlloc
GetStdHandle
GetModuleHandleW
lstrcmpA
GetProcessHeap
FreeEnvironmentStringsW
GetTempPathW
OpenProcess
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
DeleteFileW
InitializeCriticalSectionAndSpinCount
FreeLibrary
SetHandleCount
TlsFree
LockResource
HeapDestroy
SizeofResource
CreateWaitableTimerW
CreateThread
CreateEventW
GetFileSizeEx
SetUnhandledExceptionFilter
GetCommandLineW
FindResourceExW
GetThreadLocale
SetLastError
LCMapStringW
UnhandledExceptionFilter
IsValidLocale
GetFileSize
TlsSetValue
VirtualAlloc
crypt32
CertFreeCertificateChain
CryptQueryObject
CertVerifyCertificateChainPolicy
CryptHashPublicKeyInfo
CertFreeCertificateContext
CryptMsgGetParam
CryptMsgGetAndVerifySigner
CryptMsgClose
CertGetCertificateChain
CryptDecodeObject
CertCloseStore
advapi32
RegQueryValueExW
EnableTrace
LookupAccountSidW
RegSetValueExW
ControlTraceW
RegCloseKey
RegOpenKeyW
StartTraceW
RegDeleteValueW
OpenProcessToken
EnumerateTraceGuids
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExW
InitializeAcl
CloseServiceHandle
EnumDependentServicesA
CredGetTargetInfoA
ImpersonateNamedPipeClient
GetEffectiveRightsFromAclW
LookupSecurityDescriptorPartsA
CryptSetProviderW
WmiFreeBuffer
CredWriteA
ControlService
CreateRestrictedToken
CryptEnumProviderTypesA
LockServiceDatabase
NotifyBootConfigStatus
AllocateAndInitializeSid
EncryptFileA
BuildTrusteeWithNameA
ElfClearEventLogFileW
CredDeleteA
ConvertSecurityDescriptorToStringSecurityDescriptorA
CryptGetDefaultProviderA
RegCreateKeyW
ClearEventLogW
RegEnumValueW
LogonUserW
CredMarshalCredentialW
GetPrivateObjectSecurity
SetUserFileEncryptionKey
SystemFunction016
WmiEnumerateGuids
QueryServiceObjectSecurity
UnregisterIdleTask
SetSecurityDescriptorGroup
CreateProcessAsUserW
MD5Init
CredRenameA
CryptSetProviderExA
LsaQueryForestTrustInformation
AddAuditAccessAceEx
AccessCheckAndAuditAlarmW
SystemFunction018
GetLocalManagedApplications
CryptDuplicateHash
DuplicateToken
SaferIdentifyLevel
IdentifyCodeAuthzLevelW
I_ScGetCurrentGroupStateW
ReportEventW
GetSecurityDescriptorSacl
DeleteAce
ElfOpenEventLogW
shlwapi
PathFindFileNameW
SHDeleteKeyW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
shimgvw
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 248KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 6KB - Virtual size: 351KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
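As a worked check on two of the static findings above (the "Unsigned PE" signature and the section table), here is an added example that is not part of the sandbox report: a stdlib-only Python parser that reads the COFF, optional and section headers, reports whether a WIN_CERTIFICATE blob (the security data directory) is attached, decodes the file and section characteristics, and flags sections whose virtual size is far larger than their on-disk size, the pattern this sample's .data (248KB raw, 1.5MB virtual) and .rdata (6KB raw, 351KB virtual) show. The PE it runs on is constructed by build_sample_pe() from the sizes and flags listed in the report, not the sample itself, and the 4x ratio and 64KB floor in triage() are heuristic thresholds chosen for this example.

```python
"""PE32/PE32+ header triage: section raw-vs-virtual gap and Authenticode presence.

Pure-stdlib parser (no pefile) so it runs offline. build_sample_pe() constructs a
header-only PE from the report's section table; it is test data, not the sample.
"""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # points at the Authenticode WIN_CERTIFICATE table


def flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Return file characteristics, section headers and the security directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _psym, _nsym,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = 96 if magic == 0x10B else 112  # data directory start: PE32 vs PE32+
    nrva = struct.unpack_from("<I", data, opt + dir_off - 4)[0]  # NumberOfRvaAndSizes
    security = (0, 0)
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from(
            "<II", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size  # section headers follow the optional header, 40 bytes each
    for i in range(nsections):
        (name, vsize, _va, rawsize, _praw, _prel, _plin,
         _nrel, _nlin, schar) = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flags(schar, SECTION_CHARACTERISTICS)})
    return {"characteristics": flags(characteristics, FILE_CHARACTERISTICS),
            "security_dir": security, "sections": sections}


def triage(data, ratio=4.0, floor=64 * 1024):
    """Flag inflated sections, writable code and whether a signature blob is attached."""
    pe = parse_pe(data)
    inflated = []
    for s in pe["sections"]:
        # .bss-style uninitialized data legitimately has raw_size 0; any other section
        # that is much larger in memory than on disk is a classic in-place unpacking sign.
        if s["raw_size"] == 0 and "IMAGE_SCN_CNT_UNINITIALIZED_DATA" in s["flags"]:
            continue
        if s["virtual_size"] >= floor and s["virtual_size"] > ratio * max(s["raw_size"], 1):
            inflated.append(s["name"])
    _offset, cert_size = pe["security_dir"]
    return {
        # Non-zero size means a WIN_CERTIFICATE blob exists; it says nothing about validity.
        "has_authenticode_blob": cert_size != 0,
        "writable_code": [s["name"] for s in pe["sections"]
                          if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"])],
        "inflated_sections": inflated,
        "characteristics": pe["characteristics"],
    }


def build_sample_pe(sections, cert_size=0):
    """Construct a header-only PE32 (i386, no code) for offline testing. Constructed data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # PE32 optional header with all 16 data directories
    # 0x010E = EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x010E)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                v, 0, r, 0, 0, 0, 0, 0, c) for n, v, r, c in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# (name, virtual size, raw size, characteristics) taken from the report's Sections table
REPORT_SECTIONS = [
    (".text", 15 * 1024, 15 * 1024, 0x60000020),
    (".data", 1536 * 1024, 248 * 1024, 0xC0000040),
    (".rdata", 351 * 1024, 6 * 1024, 0x40000040),
    (".rsrc", 11 * 1024, 11 * 1024, 0x40000040),
    (".reloc", 40 * 1024, 38 * 1024, 0x42000040),
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_pe(REPORT_SECTIONS)), indent=2))
```

To run it on a real file use triage(open(path, "rb").read()). A non-zero security directory only means a signature is attached; checking that it verifies needs WinVerifyTrust or signtool, and an absent one is a weak indicator by itself, so read it alongside the inflated .data and .rdata sections rather than on its own.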