56c1696670f22d280885664d9d6cfa80

Sharing

Copy URL

Twitter E-mail

General

Target

56c1696670f22d280885664d9d6cfa80
Size

572KB
MD5

56c1696670f22d280885664d9d6cfa80
SHA1

e2bf282e12bd1a0483a1a89f00d85d67b5003ab5
SHA256

a4199833859a6224ea042ab31e1a703baa09a5b0bf29f451fce275659f993c21
SHA512

4f4c61d5956086fab79c15097f20ee83686209304266c1007e2038a7b3d3a96c0c167a6688969625e29ef335aa5631ef0d6105d6f51aa9c5d16a59d97776e1dd
SSDEEP

12288:iQRnXD7E0YFiF9syUmMh1U3gODdw4i2RGTcAL4vH85CGtXk6:LZz4xibmfQgD4foTVFPtX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56c1696670f22d280885664d9d6cfa80

Files

56c1696670f22d280885664d9d6cfa80
.exe windows:4 windows x86 arch:x86

8ca8db1c0517bf0468d485cd0efb6d7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnfix
lstrcpy
SetConsoleCtrlHandler
GetConsoleOutputCP
LCMapStringW
InterlockedDecrement
SetComputerNameW
GetUserDefaultLCID
GetSystemTimeAsFileTime
ContinueDebugEvent
InterlockedCompareExchange
HeapReAlloc
ReadFile
EnumCalendarInfoW
FindFirstFileExW
HeapAlloc
IsValidCodePage
IsValidLocale
GetMailslotInfo
GetVersionExW
SetConsoleWindowInfo
WritePrivateProfileStringA
GetModuleFileNameA
SetFileAttributesA
VirtualLock
WriteConsoleW
LCMapStringA
GetTickCount
GetCurrentProcess
CloseHandle
GetStringTypeA
GetEnvironmentStringsW
DeleteFiber
lstrcmpiA
MultiByteToWideChar
InterlockedExchange
GetPrivateProfileSectionA
GetStdHandle
GetFileType
ReadConsoleW
GetStringTypeExA
GetPrivateProfileStringA
RtlZeroMemory
GetModuleHandleW
SetEnvironmentVariableA
EnterCriticalSection
GetCommandLineA
SetStdHandle
WriteFile
LeaveCriticalSection
WriteConsoleOutputCharacterW
GetOEMCP
DeleteCriticalSection
TerminateProcess
OutputDebugStringA
InterlockedExchangeAdd
GetStringTypeW
CompareStringW
CreateDirectoryW
CreateMutexA
InterlockedIncrement
GetProcAddress
GetStartupInfoA
ConvertDefaultLocale
RtlUnwind
DebugBreak
SetTimeZoneInformation
GetEnvironmentStrings
ConnectNamedPipe
OpenMutexA
GetLocaleInfoW
OpenWaitableTimerW
GetACP
ResetEvent
SetCurrentDirectoryA
EnumResourceLanguagesW
GetCompressedFileSizeA
GetConsoleMode
CompareStringA
TlsAlloc
WritePrivateProfileSectionA
VirtualProtect
GetConsoleCursorInfo
GetFileTime
GetThreadTimes
LocalUnlock
GetLocaleInfoA
LocalLock
LockFileEx
SetWaitableTimer
GetModuleHandleA
SetThreadAffinityMask
UnhandledExceptionFilter
GetCurrentProcessId
HeapDestroy
GetTimeZoneInformation
CreateProcessA
GetStartupInfoW
GetConsoleCP
GetEnvironmentVariableA
VirtualAlloc
SetLastError
GetCurrentThreadId
GetProcessAffinityMask
SetUnhandledExceptionFilter
HeapSize
LoadLibraryA
GetLastError
GetAtomNameA
FreeEnvironmentStringsA
FlushFileBuffers
GetDateFormatA
CreateNamedPipeA
VirtualFree
VirtualQuery
HeapCreate
GetDriveTypeW
QueryPerformanceCounter
FreeLibrary
EnumSystemLocalesA
WideCharToMultiByte
IsDebuggerPresent
SetConsoleCursorInfo
InitializeCriticalSectionAndSpinCount
WritePrivateProfileSectionW
FormatMessageW
TlsFree
TlsGetValue
ExitProcess
CreateFileA
GetDiskFreeSpaceA
SetHandleCount
GetPrivateProfileIntW
GetCurrentThread
SetFilePointer
GetCurrentDirectoryA
GetCurrentDirectoryW
Sleep
WriteConsoleA
GetCPInfo
GetTimeFormatA
HeapFree
TlsSetValue
EnumTimeFormatsA
FreeEnvironmentStringsW
FindNextChangeNotification

advapi32

CryptEnumProviderTypesW
RegDeleteValueA
CryptEncrypt
CryptCreateHash
RegSetKeySecurity
RegDeleteKeyA
DuplicateToken
InitiateSystemShutdownA
RegOpenKeyA
CryptImportKey
RegOpenKeyW
RegCloseKey
RegReplaceKeyW
RegCreateKeyExA
GetUserNameA
CryptEnumProvidersW
CryptGetProvParam
CryptReleaseContext
InitializeSecurityDescriptor

comctl32

InitCommonControlsEx
ImageList_DrawIndirect

gdi32

CreatePolyPolygonRgn
SetBrushOrgEx
EnumFontsW
EnumICMProfilesA
GetCharWidth32A
SetICMProfileW
GetCharWidthFloatW
GetPath

comdlg32

PageSetupDlgA

user32

GetAltTabInfo
SetMessageExtraInfo
SetMenuItemInfoA
CharNextW
DdeAbandonTransaction
ShowOwnedPopups
CheckDlgButton
DestroyWindow
GetWindowTextW
ShowWindow
GetWindowDC
InflateRect
MessageBoxW
DdePostAdvise
EditWndProc
CheckMenuRadioItem
GetActiveWindow
CreateWindowExW
RegisterClassA
RegisterClassExA
GetKeyState
DialogBoxParamA
DefWindowProcA
DdeDisconnectList
wvsprintfW
CharNextA

wininet

FindNextUrlCacheGroup
ShowClientAuthCerts
InternetWriteFileExW
HttpAddRequestHeadersW
DeleteIE3Cache
FindNextUrlCacheEntryW
FtpRemoveDirectoryA

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ca8db1c0517bf0468d485cd0efb6d7e

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

comdlg32

user32

wininet

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 112KB - Virtual size: 121KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 112KB - Virtual size: 121KB

.rsrc
Size: 24KB - Virtual size: 21KB