57c4f7d80a03b231fe63bac3e019dc1a

Sharing

Copy URL

Twitter E-mail

General

Target

57c4f7d80a03b231fe63bac3e019dc1a
Size

326KB
MD5

57c4f7d80a03b231fe63bac3e019dc1a
SHA1

7cb79aefb527eb6b1469f5c8ed7ab859fd072023
SHA256

e419b1ab6d60050794ade98533b22a073ed3ed223c3ade33bab12a5e8f38c3fd
SHA512

f9fbd90cf18638ec165e764089be9d0e1cb0978086bbd0bd7f4433d28bc949317045531d8a76dd1df08587f98d78d7547d1f05f571ba4215516049614ab6d7e4
SSDEEP

6144:XvGFlCueT0iYjDkDkh/Y5PiuQYMDhAczzv3pMW1oRgpdk3xVGUX:X+W/oi1U/aQr3iWqRgvk3b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57c4f7d80a03b231fe63bac3e019dc1a

Files

57c4f7d80a03b231fe63bac3e019dc1a
.exe windows:5 windows x86 arch:x86

2576f2ec2bdfe2dc98f7b893bdd6cf3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageW
CloseDesktop
OpenDesktopW
KillTimer
MsgWaitForMultipleObjects
SetTimer
SetThreadDesktop
CharPrevW
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
wsprintfA
GetThreadDesktop
TranslateMessage
DispatchMessageW
wsprintfW
MessageBoxW
LoadStringW
CharNextW

kernel32

DuplicateHandle
InterlockedExchange
SetThreadPriority
InterlockedExchangeAdd
OpenEventW
DeleteTimerQueueTimer
CreateTimerQueueTimer
LocalAlloc
PulseEvent
WideCharToMultiByte
lstrcpyA
QueryPerformanceFrequency
GetThreadPriority
GetComputerNameW
InitializeCriticalSectionAndSpinCount
ReleaseMutex
MoveFileW
GetLocalTime
QueueUserWorkItem
CreateMutexW
GetComputerNameExW
FindFirstFileW
GlobalLock
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExW
GetVolumeInformationW
DeviceIoControl
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
FindNextFileW
FindClose
RemoveDirectoryW
GetVersionExW
GetSystemInfo
GetFileAttributesW
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateDirectoryW
WriteFile
MoveFileExW
VirtualAlloc
GetFileSize
ReadFile
VirtualFree
lstrcmpW
CreateProcessW
IsBadWritePtr
Sleep
CreateThread
SetEvent
TerminateThread
WaitForSingleObject
OutputDebugStringA
LoadLibraryA
ResetEvent
CreateIoCompletionPort
IsDebuggerPresent
GetThreadLocale
VirtualQueryEx
GetModuleFileNameA
lstrcatA
lstrcmpA
CreateEventA
CreateSemaphoreA
GetVersionExA
GetModuleHandleA
GetWindowsDirectoryW
GetThreadContext
GetExitCodeProcess
SetFileAttributesW
LockResource
FreeLibraryAndExitThread
ReleaseSemaphore
CreateSemaphoreW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
TlsAlloc
DisableThreadLibraryCalls
TlsFree
GetModuleHandleW
GetShortPathNameW
ExpandEnvironmentStringsW
GetProcAddress
OpenProcess
CreateFileW
ExitProcess
CloseHandle
FreeLibrary
WaitForMultipleObjects
GetCurrentThread
TlsGetValue
TlsSetValue
DebugBreak
CreateEventW
LoadLibraryW
GetModuleFileNameW
lstrcatW
HeapDestroy
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
GetLastError
InterlockedCompareExchange
PostQueuedCompletionStatus
OutputDebugStringW
SetFilePointer
FormatMessageW
GetQueuedCompletionStatus
LocalFree
GlobalUnlock

ole32

CoReactivateObject
CoDisconnectObject
StringFromIID
StringFromGUID2
CoGetCallContext
CLSIDFromProgID
ProgIDFromCLSID
CoFreeUnusedLibraries
CLSIDFromString
CoInitializeEx
CoUninitialize
CoGetApartmentID
CoWaitForMultipleHandles
CoGetCurrentLogicalThreadId
CoMarshalInterface
CoCreateGuid
CoDeactivateObject
CoCreateInstance
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleSaveToStream
OleLoadFromStream
WriteClassStm
ReadClassStm
GetHGlobalFromStream
CreateStreamOnHGlobal
CreateGenericComposite
CreateAntiMoniker
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
CoRevertToSelf
CreateBindCtx
CoGetClassObject
CoImpersonateClient
CoSetProxyBlanket
CoCreateInstanceEx
CoGetMarshalSizeMax
CoUnmarshalInterface
IIDFromString
StringFromCLSID
CoReleaseMarshalData
CoGetObject

advapi32

LsaQueryInformationPolicy
IsValidSecurityDescriptor
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetLengthSid
LsaOpenPolicy
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityDescriptorControl
TraceEvent
UnregisterTraceGuids
OpenTraceW
CopySid
LsaFreeMemory
LsaClose
OpenProcessToken
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetEffectiveRightsFromAclW
GetAclInformation
GetSecurityDescriptorDacl
BuildTrusteeWithSidW
LookupAccountSidW
RevertToSelf
ImpersonateSelf
OpenThreadToken
AccessCheck
SetThreadToken
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
FreeSid
SetKernelObjectSecurity
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
InitializeSecurityDescriptor
ProcessTrace
RegOpenKeyW
GetTraceLoggerHandle
StartTraceW
ControlTraceW
CloseTrace
SetTraceCallback
EnableTrace
RegisterTraceGuidsW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LookupAccountNameW
GetAce
AddAce
AddAccessAllowedAceEx
DeleteAce
EqualSid
IsValidSid
CreateProcessAsUserW
DuplicateTokenEx
GetSecurityDescriptorLength

rpcrt4

UuidToStringA
RpcStringFreeA
UuidFromStringW
UuidCreateSequential
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrStubCall2
NdrStubForwardingFunction
UuidCreate
MesHandleFree
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcStringFreeW
UuidToStringW

netapi32

NetUserModalsGet
NetApiBufferFree

msvcrt

__dllonexit
_onexit
_wcsupr
?terminate@@YAXXZ
_wsplitpath
vswprintf
wcstok
_beginthreadex
_adjust_fdiv
_initterm
_wcsicmp
iswalpha
_local_unwind2
wcsstr
memmove
_ftol
_beginthread
wcscmp
mbstowcs
wcstombs
wcscpy
wcsrchr
wcslen
wcsncpy
_wcsdup
swprintf
_except_handler3
wcschr
_wtoi
__CxxFrameHandler
realloc
free
malloc
_ltow
??1type_info@@UAE@XZ
_vsnprintf
_CIexp
_wstrdate
_wstrtime
_waccess
_vsnwprintf
_CxxThrowException
wcscat
time
_snwprintf

ntdll

NtQuerySystemInformation
RtlExtendedLargeIntegerDivide
RtlDelete
RtlSplay
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlLargeIntegerDivide

mtxclu

MtxCluIsClusterPresent

version

VerQueryValueW

Sections

.text
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2576f2ec2bdfe2dc98f7b893bdd6cf3c

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ole32

advapi32

rpcrt4

netapi32

msvcrt

ntdll

mtxclu

version

Sections

.text Size: 57KB - Virtual size: 58KB

.data Size: 254KB - Virtual size: 258KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 57KB - Virtual size: 58KB

.data
Size: 254KB - Virtual size: 258KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 9KB - Virtual size: 9KB