5756eba515c4fb2ac6157eadc3c170c1

Sharing

Copy URL Twitter E-mail

General

Target

5756eba515c4fb2ac6157eadc3c170c1
Size

460KB
MD5

5756eba515c4fb2ac6157eadc3c170c1
SHA1

83d606635de94da21b7c80934eba36e9f876d106
SHA256

672a4c4bfba104d86c5bbaad0b66a001b8d2828f0bf0fdde8d45d802f683d908
SHA512

45a58cf91f492ae307ef48841d65b7a49364a9ee89d2af8cc8be0ec3362c53e88ed74d03f295a1abe88eeb877f7c1c48ec442cbfc231bbd8ecb589ce688a15df
SSDEEP

12288:oBHIivJkCQDy15pqeA/MQktrF6qMMnMMMMM:uHnvJ51LYMhNxMMnMMMMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5756eba515c4fb2ac6157eadc3c170c1

Files

5756eba515c4fb2ac6157eadc3c170c1
.exe windows:4 windows x86 arch:x86

10ceb3ee79e2c02ae1100cf328a458b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCatBuffW

kernel32

LeaveCriticalSection
GetCurrentProcessId
InterlockedExchange
GetFileSize
MultiByteToWideChar
HeapFree
CompareFileTime
GetDateFormatW
GetShortPathNameA
GlobalAlloc
CopyFileA
CreateFileA
IsBadReadPtr
WriteFile
FreeLibrary
QueryPerformanceCounter
GlobalFree
GetUserDefaultLCID
GetStringTypeW
GetVersionExA
UnhandledExceptionFilter
FileTimeToSystemTime
GlobalUnlock
GetFileTime
SetFilePointer
GetSystemTimeAsFileTime
IsValidCodePage
GetLocaleInfoW
lstrcatA
SystemTimeToFileTime
SetFileAttributesA
InitializeCriticalSection
FindClose
GetModuleHandleA
GetSystemInfo
LoadLibraryExA
TlsSetValue
FormatMessageA
lstrlenW
LoadResource
GetTimeZoneInformation
GetModuleFileNameA
GlobalReAlloc
DisableThreadLibraryCalls
lstrcmpiA
VirtualFree
IsDBCSLeadByte
VirtualQuery
VirtualAlloc
SetEvent
FormatMessageW
DeleteCriticalSection
EnterCriticalSection
GetACP
InterlockedIncrement
GlobalLock
FindFirstFileA
ExitProcess
TlsAlloc
TerminateProcess
GetCurrentThread
CreateFileW
VirtualProtect
TlsGetValue
Sleep
IsBadWritePtr
GetCurrentProcess
GetDateFormatA
TlsFree
ReadFile
GetProcAddress
SizeofResource
LocalFree
lstrcpynA
FindResourceA
CreateEventA
GetSystemDefaultLangID
GetLocaleInfoA
ResetEvent
GetTimeFormatW
GetCurrentThreadId
GetTempPathA
IsDBCSLeadByteEx
lstrcpyA
SetEndOfFile
FindNextFileA
GetCPInfo
lstrlenA
GetSystemTime
LoadLibraryA
GetTempFileNameA
CloseHandle
HeapAlloc
GetTimeFormatA
InterlockedDecrement
GetOverlappedResult
SetUnhandledExceptionFilter
WideCharToMultiByte
GetThreadLocale
FlushFileBuffers
GlobalHandle
HeapDestroy
GetTickCount
WaitForSingleObject
HeapCreate

urlmon

UrlMkSetSessionOption
CoInternetParseUrl
CopyBindInfo
CoInternetGetSession

wininet

InternetCrackUrlA
InternetCombineUrlA

advapi32

ImpersonateLoggedOnUser
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RevertToSelf
RegDeleteKeyA
RegNotifyChangeKeyValue
OpenThreadToken
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA

cfgmgr32

CM_Get_Version_Ex

inetcomm

MimeOleGetPropertySchema
MimeOleSetCompatMode
MimeOleGetInternat
MimeOleCreateMessage
MimeOleInetDateToFileTime

ole32

CoCreateGuid
CoUninitialize
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
ProgIDFromCLSID
CoTaskMemAlloc
CoCreateInstance

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

user32

GetMessageA
RegisterWindowMessageA
wsprintfA
CharNextA
DispatchMessageA
CallMsgFilterW
TranslateMessage

azroles

AzSetProperty

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 124KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10ceb3ee79e2c02ae1100cf328a458b6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

urlmon

wininet

advapi32

cfgmgr32

inetcomm

ole32

version

user32

azroles

Sections

.text Size: 156KB - Virtual size: 155KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 124KB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 32B

.rdata Size: 142KB - Virtual size: 141KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 156KB - Virtual size: 155KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 124KB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 32B

.rdata
Size: 142KB - Virtual size: 141KB

.rsrc
Size: 32KB - Virtual size: 31KB