571128a44326144850262cb5e04dcb45

Sharing

Copy URL

Twitter E-mail

General

Target

571128a44326144850262cb5e04dcb45
Size

1.2MB
MD5

571128a44326144850262cb5e04dcb45
SHA1

03d037a9ed7fd22b002563b76b65919fd40c50f4
SHA256

f01cf298000932a1866efc07845e348454d31e082513d58bac4023895976c7cf
SHA512

387c0633fb01d8de0b790ff302aef7bef25b95f929104b34cb928cf31b0750051f1af5b9dd60fdfb7b8e8a6dbaa81e2e1f80d65b34351e4dd36d8300b07ffef7
SSDEEP

24576:XI2Qm/0o3OEFw3w7wh2KRsmKq83vMg/X:XI2Qm9e73BHRcnMA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
571128a44326144850262cb5e04dcb45

Files

571128a44326144850262cb5e04dcb45
.exe windows:5 windows x86 arch:x86

06822a52fabecede68b9d3d6ded7de70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

Polygon
GetMapMode
CreateRectRgn
Rectangle

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount

netapi32

NetApiBufferSize
NetShareGetInfo

shell32

SHGetMalloc
SHGetDesktopFolder

ole32

StringFromGUID2
CLSIDFromString

msvcrt

_cexit
_snwprintf
wcscmp
wcstok
_tzset
_mbslen
fseek
_wcsupr
wcsncat
wcslen
_mbscpy
__set_app_type
wcspbrk
wcsstr
_c_exit
_CxxThrowException
_open_osfhandle
fread
free
fwrite
_wcsrev
_except_handler3
_wcsicmp
_putenv
_wtoi

setupapi

SetupFindNextLine

kernel32

HeapQueryInformation
FileTimeToLocalFileTime
LoadLibraryA
VirtualAlloc
DeleteCriticalSection
SetFilePointer
GetProcessHeap
LockResource
GetExitCodeThread
ReadFile
VerSetConditionMask
GetVersion
ReleaseMutex
FreeLibrary
GetFileInformationByHandle
WriteFile
SetEndOfFile
FindVolumeMountPointClose
GetLastError
LocalFree
GetCurrentProcessId
LockFile
CreateMutexA
TerminateThread
TerminateProcess
FindClose
ReleaseSemaphore
CloseHandle
OpenMutexA
MultiByteToWideChar
LoadResource
PrepareTape
WriteTapemark
GetCurrentDirectoryA
LeaveCriticalSection
FileTimeToSystemTime

syssetup

AsrRestorePlugPlayRegistryData

user32

RegisterClassExA
SendMessageA
DestroyWindow
GetWindow
SetCursor
InvalidateRect
CreateWindowExA
IsIconic
DispatchMessageA
SetTimer
EnableMenuItem
DeleteMenu
GetMessageA
TranslateMessage
GetDesktopWindow
IsWindow
GetWindowThreadProcessId
DefWindowProcA
ScreenToClient
SetParent
GetMenu
UpdateWindow
GetClientRect
GetSysColor
ShowWindow
GetCapture
GetMenuItemCount
GetParent

advapi32

FreeSid
DeleteAce
CheckTokenMembership
WriteEncryptedFileRaw
OpenThreadToken
RegCloseKey
AddAccessAllowedAce
RegQueryValueExA

ntdll

NtQueryQuotaInformationFile
_aulldvrm
isdigit
towupper

Sections

.text
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 836KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06822a52fabecede68b9d3d6ded7de70

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comctl32

netapi32

shell32

ole32

msvcrt

setupapi

kernel32

syssetup

user32

advapi32

ntdll

Sections

.text Size: 268KB - Virtual size: 268KB

.data Size: 87KB - Virtual size: 87KB

.rsrc Size: 836KB - Virtual size: 3.9MB

.text
Size: 268KB - Virtual size: 268KB

.data
Size: 87KB - Virtual size: 87KB

.rsrc
Size: 836KB - Virtual size: 3.9MB