5794b9749c70dc139292c3d6838cb4db

Sharing

Copy URL Twitter E-mail

General

Target

5794b9749c70dc139292c3d6838cb4db
Size

580KB
MD5

5794b9749c70dc139292c3d6838cb4db
SHA1

d794161d6eafe886fad9fcb10bb8acd9882d8dfd
SHA256

da2d5c5bf34de146e715ec85224fb3af2e0fedf6306f35fe1b2b66c0e0a9d39d
SHA512

adfcd606edc60dd9a2018266b9d3c686d0b7a60b722b972da51bed56dba7ba4a9b413293554b3f2ef2f9fb844557ef77e643f5a2c1ce180bc32ef968c4f98f62
SSDEEP

6144:ged36XNOsdXGe1oxvAPAbej0ZOHuAnei97uk1uV+rWiGvNpRYZHh4YTWDHuffT5V:xdoNJXz1oiP107INAkSTdQHh/TWq+k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5794b9749c70dc139292c3d6838cb4db

Files

5794b9749c70dc139292c3d6838cb4db
.exe windows:4 windows x64 arch:x64

5a9ea5791ca6e8b392b5f7079220459f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RaiseException
RtlPcToFileHeader
HeapSize
RtlVirtualUnwind
HeapSetInformation
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetACP
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
RtlLookupFunctionEntry
GetStartupInfoA
GetProcessHeap
GetCommandLineA
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetTickCount
SetErrorMode
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
DeleteFileA
GetThreadLocale
GetOEMCP
GetCPInfo
GetModuleFileNameW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
MulDiv
GetFileAttributesA
WritePrivateProfileStringA
GlobalFree
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalAlloc
lstrcmpA
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetVersionExA
FreeResource
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleHandleA
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
GetVersion
CompareStringA
GetLastError
MultiByteToWideChar
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
ExitProcess
Sleep
GetModuleFileNameA
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
GetEnvironmentStrings
CreateFileA
CreateFileW

user32

UnregisterClassA
RegisterClipboardFormatA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetClientRect
PtInRect
GetDC
ReleaseDC
GetWindowRect
GetSystemMetrics
RegisterWindowMessageA
DestroyMenu
GetClassNameA
GetSysColor
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetFocus
GetDlgItem
GetKeyState
GetDlgCtrlID
GetMenu
LoadIconA
SetCursor
PeekMessageA
GetCapture
GetParent
SetActiveWindow
IsWindowVisible
IsIconic
SendMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoA
CopyRect
GetLastActivePopup
EndPaint
BeginPaint
GrayStringA
DrawTextExA
PostMessageA
GetDesktopWindow
GetWindowLongA
ShowWindow
GetWindow
IsWindow
EnableWindow
UpdateWindow
GetSysColorBrush
DrawTextA
TabbedTextOutA
LoadCursorA
ClientToScreen
GetMessageA
TranslateMessage
ValidateRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
PostQuitMessage
SetWindowTextA
IsDialogMessageA
GetCursorPos

gdi32

GetDeviceCaps
GetStockObject
SaveDC
RestoreDC
SetMapMode
CreateBitmap
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
SetTextColor
GetClipBox
DeleteDC
GetObjectA
DeleteObject
SelectObject
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantInit
VariantClear

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 230KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a9ea5791ca6e8b392b5f7079220459f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 234KB - Virtual size: 233KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 13KB - Virtual size: 36KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 230KB - Virtual size: 232KB

.text
Size: 234KB - Virtual size: 233KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 13KB - Virtual size: 36KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 230KB - Virtual size: 232KB