5823a8ae676989d3f2710c9e8548007f

Sharing

Copy URL

Twitter E-mail

General

Target

5823a8ae676989d3f2710c9e8548007f
Size

98KB
MD5

5823a8ae676989d3f2710c9e8548007f
SHA1

e726d0970b57de22a0f4b717dd2ad77ffa296e30
SHA256

d4b97b1e59e99235af7aae89b12d3c20d7648f22b4ba924eedbbbdbc7c0d9405
SHA512

05a1d6af5b9e2c4976ada7c5bb15e515190e85c628d314eaadd77b3de4c0b324d20c40fc1be2a3f995f6e60ae974d620552fa9d1ce32bbb80201de45fe48ce3b
SSDEEP

1536:SgfLUDtzkT1Lk6JF5g2rHGHfqKfq/oieDnLQdKfDwMrU1ms46KWUiG4:SgAug2rQWerL7ns49WUiF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5823a8ae676989d3f2710c9e8548007f

Files

5823a8ae676989d3f2710c9e8548007f
.dll windows:4 windows x86 arch:x86

4c6517204bcfeaa0b5b6c4637fc4672d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetStartupInfoA
CreatePipe
SetFilePointer
lstrcpynA
IsBadReadPtr
VirtualFree
VirtualAlloc
lstrlenA
SetEvent
CreateEventA
lstrcpyA
SystemTimeToFileTime
GetSystemTime
lstrcatA
Sleep
GetLastError
MoveFileA
DeleteFileA
GetTempFileNameA
TerminateThread
GetCurrentThread
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreA
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
GetComputerNameA
LoadLibraryA
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateProcessA
GetEnvironmentVariableA
LocalFree
LocalAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileTime
GetFullPathNameA
GetTempPathA
FileTimeToSystemTime
GetTimeZoneInformation
GetLocalTime
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentThreadId
WinExec
ReleaseSemaphore
ResumeThread
SetThreadContext
GetThreadContext
VirtualAllocEx
FreeLibrary
GetProcAddress
GetVersion
MoveFileExA
CopyFileA
GetExitCodeProcess
CreateDirectoryA
RemoveDirectoryA
DisableThreadLibraryCalls
WaitForSingleObject
PeekNamedPipe
OutputDebugStringA
ReadFile
TerminateProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetFileAttributesA
GetSystemTimeAsFileTime
VirtualQuery
HeapFree
GetProcessHeap
HeapAlloc
CreateFileA
WriteFile
CreateThread
CloseHandle
FindClose

user32

wvsprintfA
MessageBoxA
wsprintfA

advapi32

RegEnumValueA
RegDeleteValueA
RegSetValueExA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

ntdll

_chkstk
strstr
RtlUnwind
memmove
strchr
tolower
_strcmpi
_alldiv
_allmul
NtAllocateVirtualMemory
NtQuerySystemInformation
NtFreeVirtualMemory
NtOpenProcess
NtClose
_strlwr
_strnicmp

ws2_32

sendto
send
ioctlsocket
gethostbyname
inet_addr
recv
getsockname
shutdown
listen
bind
recvfrom
select
WSAGetLastError
ntohl
WSAStartup
gethostbyaddr
__WSAFDIsSet
accept
gethostname
htonl
WSASetLastError
htons
setsockopt
closesocket
socket
connect
ntohs

mapi32

ord140
ord129
ord17
ord75
ord21
ord11
ord19
ord13
ord23
ord138
ord135

shlwapi

StrChrA
StrStrA
StrToIntA
StrCmpNA

Exports

Exports

WLEventLogoff
WLEventLogon
WLEventShutdown

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c6517204bcfeaa0b5b6c4637fc4672d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ntdll

ws2_32

mapi32

shlwapi

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB