5861dfd33dcff3291324678418d4bfb8

General

Target

5861dfd33dcff3291324678418d4bfb8
Size

143KB
MD5

5861dfd33dcff3291324678418d4bfb8
SHA1

83bd28db33fec886aed5765b0b7bf1fc02bf75c4
SHA256

ce5fbe8a63a02b904c937cdf757afeb21a08d7b406dfa69e2c492796c48ccbf8
SHA512

cd6c396d05cdd1b26c7031e2bd20b08434a100184e97beac0ee1dcfc8af14f496745db5a8b3a87e5168405a58b487bc900b8496b5eb34b27071a5349eba1055b
SSDEEP

3072:IaSuRM/Adyc/5OsOJivpc9DiWaTQBWXLyYy:IaSTQBXASwDBrsXLyd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5861dfd33dcff3291324678418d4bfb8

Files

5861dfd33dcff3291324678418d4bfb8
.exe windows:5 windows x86 arch:x86

6097bc0c1089f8977ab3b76a95b0991e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

clbcatq

CoRegCleanup
DowngradeAPL
ComPlusMigrate

clusapi

CloseCluster
CloseClusterGroup
CloseClusterNode
ClusterEnum
ClusterControl

user32

LoadMenuW
DrawStateA
FlashWindow
GetPropW
PostMessageW
LoadBitmapA
IsCharLowerW
CreateDesktopW
DispatchMessageW
DialogBoxParamA
wsprintfA
IsDialogMessageW
LoadIconA
PeekMessageW

dbnmpntw

ConnectionVer
ConnectionClose
ConnectionWrite
ConnectionError
ConnectionRead

kernel32

MoveFileW
LeaveCriticalSection
GetDateFormatW
ReadConsoleA
GetProcAddress
CreateSemaphoreA
WaitNamedPipeW
GetModuleHandleA
GetSystemDirectoryA
WaitForSingleObjectEx
DeleteFileW
GetCurrentThreadId
GetStartupInfoW
CreateMailslotW
SetErrorMode
lstrcmpiW
MoveFileExW
CloseHandle
GetTempPathW
GetShortPathNameW
GetExpandedNameA
LoadLibraryExW

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6097bc0c1089f8977ab3b76a95b0991e

Headers

DLL Characteristics

File Characteristics

Imports

clbcatq

clusapi

user32

dbnmpntw

kernel32

Sections

.text Size: 54KB - Virtual size: 53KB

.ndata Size: 83KB - Virtual size: 83KB

.ndata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 54KB - Virtual size: 53KB

.ndata
Size: 83KB - Virtual size: 83KB

.ndata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB