5856a4346c63b02449e689f3acfa5f90

Sharing

Copy URL Twitter E-mail

General

Target

5856a4346c63b02449e689f3acfa5f90
Size

140KB
MD5

5856a4346c63b02449e689f3acfa5f90
SHA1

24277f3170a2413914f525488cb12185366a54a6
SHA256

7bfff59eb04da54c33b8f46709ffd27f364eb071c3080a24f0e01779377e6922
SHA512

b851af2ee38d0fa0edb828e659c9758d9ddb515d0ebd6abe66ca7f865b91e0b6d67d54d221fe750614d33abc0c9bcdb0db4038f97ededdaee5d1c87cdf89de2b
SSDEEP

3072:XGaeYYuUBjJdNVxcAFc1hSvubQvfGO9eJlXAbsmP:XGaeYY5Bj9VGvSvjf9eT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5856a4346c63b02449e689f3acfa5f90

Files

5856a4346c63b02449e689f3acfa5f90
.exe windows:5 windows x86 arch:x86

faa2758c40736b440f1e1b6ede3c888b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_purecall
_onexit
malloc
__set_app_type
__dllonexit
_XcptFilter
memcpy

kernel32

EnterCriticalSection
GetCommandLineW
FindNextFileA
GetThreadLocale
FlushFileBuffers
SystemTimeToFileTime
lstrcmpiW
QueryPerformanceCounter
TerminateProcess
GetModuleHandleW
CreateDirectoryW
CreateFileMappingW
LoadLibraryA
WaitForSingleObject
GetLastError
FreeLibrary
GetLocaleInfoW
OpenProcess
GetCommandLineA
GetDriveTypeW
GetVersion
SizeofResource
HeapCreate
ReleaseMutex
Sleep
CreateFileA
TlsSetValue
FormatMessageA
GetFullPathNameA
GetStringTypeA
GetProcAddress
FindResourceW
GetTickCount
GetOEMCP
lstrlenW
HeapFree
InterlockedCompareExchange
InitializeCriticalSection
GetStdHandle
GetConsoleCP
InterlockedIncrement
GetSystemTimeAsFileTime
CreateFileW
MultiByteToWideChar
ResumeThread
GetProcessHeap
InterlockedDecrement
GetCurrentProcess
LockResource
CreateEventW
GetPrivateProfileStringA
IsBadReadPtr
LoadResource
DeleteCriticalSection
LCMapStringA
GetCPInfo
HeapAlloc
GetSystemInfo
FindClose
VirtualAlloc
GetFileType
WriteConsoleA
GetACP
GetCurrentThreadId
GetFileSize
IsDebuggerPresent
LeaveCriticalSection
GlobalAlloc
GetCurrentProcessId
GetVersionExA
SetCurrentDirectoryA
ResetEvent
RtlUnwind
ReleaseSemaphore
LoadLibraryExW
VirtualProtect
FreeEnvironmentStringsW

user32

GetDC
ScreenToClient
GetKeyState
DispatchMessageW
wsprintfA
GetParent
SetWindowLongW
CheckMenuItem
FindWindowW
DispatchMessageA
DialogBoxParamW
PostQuitMessage
ReleaseDC
SetCapture
EndPaint
DestroyWindow
EnumWindows
GetFocus
SetWindowPos
SetWindowsHookExW
TranslateMessage
UnionRect
GetMessageW

ntdll

ZwReplaceKey

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromString

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faa2758c40736b440f1e1b6ede3c888b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

ntdll

ole32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 3KB - Virtual size: 11KB

.idata Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 23KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 66B

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 3KB - Virtual size: 11KB

.idata
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 23KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 66B