Static task: static1
Behavioral task: behavioral1
  Sample: 56c2f87ae679a552a69f0e0f2ed35f64.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 56c2f87ae679a552a69f0e0f2ed35f64.exe
  Resource: win10v2004-20231215-en
General
Target: 56c2f87ae679a552a69f0e0f2ed35f64
Size: 226KB
MD5: 56c2f87ae679a552a69f0e0f2ed35f64
SHA1: 8b1029e3381dae4c5e086afd5e8afeb995fc67ea
SHA256: 45f7ccbcca10dceb26f34e90b1cf4e98ae914f50fcfd670f2ac698c263e4930a
SHA512: bf4ce8993ef9fa65e08694bd7b530151099f74dc0006268ec2494058aae2a055410edbf57fc4a706bdfb759015ad6f0314a56012adad1ec8b0bdc6a2bd1380ed
SSDEEP: 6144:DyxP/SRoQO7ntTm0bl5EMBg3BWB6hFw7USoBCC:MVDEYxoB7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56c2f87ae679a552a69f0e0f2ed35f64
Files
56c2f87ae679a552a69f0e0f2ed35f64.exe windows:5 windows x86 arch:x86
34208c46feda388f6b231e2d37635e18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
LoadStringW
kernel32
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
CloseHandle
HeapAlloc
HeapFree
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseSemaphore
CreateEventA
SetEvent
CreateEventW
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SwitchToThread
TerminateProcess
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
lstrcmpW
advapi32
AddAccessAllowedAce
DuplicateTokenEx
EqualSid
AddAce
FreeSid
GetAce
GetAclInformation
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorDacl
GetSidLengthRequired
GetSidSubAuthority
AdjustTokenPrivileges
GetTokenInformation
AllocateAndInitializeSid
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSid
LogonUserW
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSaveKeyW
RegSetValueExW
RegisterServiceCtrlHandlerW
RevertToSelf
ChangeServiceConfigW
SetKernelObjectSecurity
CheckTokenMembership
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
SetTokenInformation
CloseServiceHandle
ConvertSidToStringSidW
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ