5821dcf5ad56501d957cbec467261544

Sharing

Copy URL Twitter E-mail

General

Target

5821dcf5ad56501d957cbec467261544
Size

140KB
MD5

5821dcf5ad56501d957cbec467261544
SHA1

49ccf6106e3121875338f42915ccd1bc98d424b1
SHA256

30f34bc6f44f42ce057a532a052b701afce298f08cae875d8555c2cf4fd7911a
SHA512

2d15eb23a042f07d0554aa454b5376d5d614ec1d269e5bedbacd98e46de9fe6e938b57fe0d1685fbb0e83d2feee1332d3a7c7478a63d5d0d96265ef84fdb2da8
SSDEEP

3072:dOpAIFmN1KXxAu6/U5J8LzSu2i0JRZLbpw4IT4Cpm8LbMZIOpMOCLrSOK:MpAFayu6c58GKaRZLbkTBLbMfrIrs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5821dcf5ad56501d957cbec467261544

Files

5821dcf5ad56501d957cbec467261544
.exe windows:5 windows x86 arch:x86

33d7592c2511060139ac5f22e0dbea71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
GetCommandLineW
GetFileSizeEx
GetEnvironmentVariableW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
ExpandEnvironmentStringsW
CreateRemoteThread
Process32FirstW
Process32NextW
MoveFileExW
GetUserDefaultUILanguage
TlsGetValue
TlsSetValue
TerminateProcess
GetNativeSystemInfo
GlobalLock
GlobalUnlock
SetFileAttributesW
lstrcmpiW
GetPrivateProfileIntW
FlushFileBuffers
WriteFile
GetPrivateProfileStringW
LoadLibraryA
TlsFree
TlsAlloc
CreateFileMappingW
SetThreadPriority
WTSGetActiveConsoleSessionId
lstrcmpiA
GetCurrentThread
UnmapViewOfFile
MapViewOfFile
CreateMutexW
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
WaitForMultipleObjects
GetModuleFileNameW
GetVersionExW
VirtualFree
GetComputerNameW
OpenMutexW
SetErrorMode
CreateFileW
GetFileAttributesW
LoadLibraryW
CreateDirectoryW
FreeLibrary
ExitProcess
CreateThread
GetLocalTime
GetProcessId
VirtualAlloc
VirtualFreeEx
SetThreadContext
GetThreadContext
GetSystemTime
GetFileAttributesExW
GetProcAddress
Sleep
GetModuleHandleW
ReleaseMutex
GetCurrentThreadId
GetTickCount
WaitForSingleObject
CloseHandle
CreateEventW
ResetEvent
EnterCriticalSection
SetLastError
GetLastError
LeaveCriticalSection
InitializeCriticalSection
GetTempPathW
SetEvent

user32

GetMenuState
GetMenuItemCount
PostThreadMessageW
HiliteMenuItem
GetUserObjectInformationW
EndMenu
GetShellWindow
ExitWindowsEx
CharToOemW
CharLowerW
EndPaint
GetUpdateRgn
RegisterClassExA
GetWindowDC
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetClassNameW
GetUpdateRect
GetDC
TranslateMessage
RegisterClassExW
GetClipboardData
GetDCEx
ReleaseDC
CreateWindowStationW
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
RegisterClassW
GetKeyboardState
ToUnicode
CloseWindowStation
MapVirtualKeyW
GetSystemMetrics
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
CharLowerBuffA
CreateDesktopW
GetProcessWindowStation
CloseDesktop
TrackPopupMenuEx
SetThreadDesktop
SetProcessWindowStation
BeginPaint
OpenWindowStationW
SystemParametersInfoW
GetIconInfo
RegisterWindowMessageW
IsRectEmpty
GetWindowThreadProcessId
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
CallWindowProcA
CallWindowProcW
DefWindowProcW
DefFrameProcW
RegisterClassA
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
OpenDesktopW
MenuItemFromPoint
GetMenu
GetMenuItemRect
DefWindowProcA
GetMessagePos
MapWindowPoints
SendMessageW
ReleaseCapture
IsWindow
SendMessageTimeoutW
GetCursorPos
SetWindowPos
PeekMessageA
DrawIcon

advapi32

EqualSid
IsWellKnownSid
GetLengthSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
ConvertSidToStringSidW
RegEnumKeyExW

shlwapi

PathRemoveBackslashW
StrCmpNIW
StrStrIW
StrStrIA
PathIsURLW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathQuoteSpacesW
PathRenameExtensionW
PathRemoveFileSpecW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

RestoreDC
SaveDC
CreateDIBSection
GdiFlush
SetViewportOrgEx
GetDIBits
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
SetRectRgn
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

getsockname
WSAEventSelect
listen
WSASetLastError
freeaddrinfo
socket
bind
recv
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
setsockopt
accept
getpeername
WSASend
closesocket
send

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData

wininet

InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
InternetOpenA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33d7592c2511060139ac5f22e0dbea71

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB