Static task: static1
Behavioral task: behavioral1 (sample 58beb37488757e55edbfe4a63cb70cad.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 58beb37488757e55edbfe4a63cb70cad.exe, resource win10v2004-20231215-en)
General
Target: 58beb37488757e55edbfe4a63cb70cad
Size: 438KB
MD5: 58beb37488757e55edbfe4a63cb70cad
SHA1: 28ea353f049901d355e72fb8e1f05072a14be942
SHA256: 1f27149e667f09504cca2b4def60917018d677e48365dba6fbaafdec689f9676
SHA512: a0a57ac2a5caeb152a68ae841101ae0344f9c507266cd21e02419abaada591ace665caba74d00791dfdd9a3d90821d1ad7a1f44a0d2b7c095566ed2cc1dc99dc
SSDEEP: 6144:GePCYPJwsi128bVXkakIAqiAWtIZogYuVedXzBjWABYkzO8RevwBRM65fuVkSqUN:HPPPWD1vkEPCX5iyO8Riw1duG3mzv
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource 58beb37488757e55edbfe4a63cb70cad
Files
58beb37488757e55edbfe4a63cb70cad.exe (windows:5, windows, x86, arch:x86)
f3c66efd7cea9a973b0e6109452c6ba9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are both absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the image has no relocations and cannot be rebased: it always loads at its preferred base without ASLR, and it does not opt in to DEP.
Imports
msvcrt
malloc
_except_handler3
wcslen
wcscpy
wcscat
memmove
free
vfwprintf
_errno
fputs
atoi
wcschr
_initterm
_adjust_fdiv
??2@YAPAXI@Z
??3@YAXPAX@Z
__isascii
swscanf
sprintf
wcstoul
wcstok
_wcsicmp
wcstol
_wtoi
_wtol
wcsrchr
_snwprintf
_vsnprintf
_iob
fflush
strcspn
fwprintf
strchr
fopen
getenv
fseek
ftell
fclose
fprintf
isxdigit
isdigit
isupper
_snprintf
strncmp
wcscmp
swprintf
_wcsnicmp
wcsncpy
wcsstr
atl
ord22
ord18
ord21
ord16
ord32
ord15
kernel32
GetComputerNameW
GetProcAddress
lstrcmpW
GetEnvironmentVariableW
GetVersionExW
GetTimeFormatW
FileTimeToLocalFileTime
GetEnvironmentVariableA
GetConsoleOutputCP
GetFileType
GetComputerNameExW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
FormatMessageW
CompareFileTime
WriteFile
GetStdHandle
OutputDebugStringA
SetLastError
GetDateFormatW
WriteConsoleW
GetWindowsDirectoryA
GetSystemTime
SystemTimeToFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
DebugBreak
QueryPerformanceCounter
CreateThread
WaitForSingleObject
GetExitCodeThread
GetSystemDirectoryW
Sleep
DuplicateHandle
CreateEventW
RegisterWaitForSingleObject
UnregisterWait
LoadLibraryW
FreeLibrary
GetACP
CreateFileW
GetFileSize
ReadFile
LocalReAlloc
LocalAlloc
LocalFree
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
GetCurrentThread
GetCurrentProcess
CloseHandle
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetTickCount
advapi32
RegOpenKeyW
RegCreateKeyW
AllocateAndInitializeSid
AccessCheckByType
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
FreeSid
RegQueryInfoKeyW
GetSecurityDescriptorLength
RegOpenCurrentUser
MakeAbsoluteSD
MakeSelfRelativeSD
DuplicateToken
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegDeleteValueW
IsValidSecurityDescriptor
OpenThreadToken
RegEnumKeyExW
EqualSid
RegConnectRegistryW
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
GetLengthSid
CopySid
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
wldap32
ord27
ord203
ord69
ord73
ord14
ord145
ord13
ord41
ord36
ord210
ord224
ord79
ord155
ord147
ord142
ord140
ord26
ord113
ord65
ord40
ord194
ord133
ord10
ord12
ord18
ord16
ord167
ord127
ord208
ord122
ole32
CoCreateInstance
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstanceEx
CoSetProxyBlanket
CoTaskMemFree
oleaut32
CreateErrorInfo
SystemTimeToVariantTime
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
SetErrorInfo
LoadRegTypeLi
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
secur32
QuerySecurityContextToken
DeleteSecurityContext
AcceptSecurityContext
InitializeSecurityContextW
EnumerateSecurityPackagesW
FreeContextBuffer
AcquireCredentialsHandleW
QueryCredentialsAttributesW
FreeCredentialsHandle
user32
wsprintfW
GetDesktopWindow
LoadStringW
rpcrt4
RpcCancelThreadEx
NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcBindingSetAuthInfoW
RpcBindingFree
RpcNetworkIsProtseqValidW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcMgmtInqServerPrincNameW
RpcStringFreeW
cryptui
CryptUIDlgFreeCAContext
CryptUIDlgSelectCA
crypt32
CryptMsgGetParam
CryptMsgClose
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFindExtension
CryptDecodeObject
CryptSignMessage
CertNameToStrW
CryptMsgUpdate
CryptFindOIDInfo
CryptEncodeObject
CertFindCTLInStore
CertDeleteCTLFromStore
CertAddEncodedCTLToStore
CryptMsgEncodeAndSignCTL
CertGetCertificateContextProperty
CryptHashCertificate
CertGetCertificateChain
CertCreateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertStrToNameW
CryptMsgOpenToDecode
CryptEncodeObjectEx
CryptDecodeObjectEx
CertGetNameStringW
Sections
.text: size 7KB, virtual size 8KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata: size 8KB, virtual size 12KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data: size 1KB, virtual size 4KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls: size 409KB, virtual size 412KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc: size 11KB, virtual size 40KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: the section layout is itself a finding. Only 7KB of the 438KB file is code, while 409KB sits in a writable .tls section; a compiler-generated .tls section holds just the TLS data template and callback table and is normally a few hundred bytes to a few KB. A writable, non-code section carrying almost the whole file is the usual shape of a packed or staged payload and is where to start when unpacking. The .rsrc section is also flagged both IMAGE_SCN_CNT_INITIALIZED_DATA and IMAGE_SCN_CNT_UNINITIALIZED_DATA, a combination a normal linker does not produce for a resource section, and its virtual size is almost four times its raw size.
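The "Unsigned PE" signature, the header flags and the section table above can all be checked from the raw bytes without a sandbox. The following is an added example, not part of the sandbox report or of the sample: a struct-only PE header parser that reads the certificate (security) data directory, the ASLR/DEP-related flags and the section table, and emits the same class of findings this report shows (missing Authenticode certificate table, no ASLR/DEP, a writable section holding the bulk of the file, contradictory section flags). The input image is constructed by build_sample_pe() to mirror the header and section values listed above with zero-filled section bodies, so it is not the real sample; the function names and finding tags are this example's own.

```python
import struct
from collections import namedtuple

# Flag values from winnt.h (only those this triage needs).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the Authenticode certificate table

Section = namedtuple("Section", "name virtual_size virtual_address raw_size raw_ptr characteristics")
PeSummary = namedtuple("PeSummary", "file_size file_characteristics dll_characteristics has_certificate_table sections")


def parse_pe(data: bytes) -> PeSummary:
    """Walk DOS header -> NT headers -> section table; handles PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at +70 in both formats; the directory count and table move in PE32+.
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    ndir_off, dirs_off = (92, 96) if magic == 0x10B else (108, 112)
    ndirs = struct.unpack_from("<I", data, opt + ndir_off)[0]
    has_cert = False
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_len = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        has_cert = cert_off != 0 and cert_len != 0  # empty entry means no embedded signature
    sections, table = [], opt + opt_size
    for i in range(nsec):
        name, vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, rsize, rptr, chars))
    return PeSummary(len(data), fchar, dllchar, has_cert, sections)


def assess(pe: PeSummary) -> list:
    """Return stable finding tags so the output can be matched by other tooling."""
    f = []
    if not pe.has_certificate_table:
        f.append("UNSIGNED")  # the check behind the 'Unsigned PE' signature above
    if pe.file_characteristics & IMAGE_FILE_RELOCS_STRIPPED or not pe.dll_characteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        f.append("NO_ASLR")  # cannot be rebased, or never asked to be
    if not pe.dll_characteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        f.append("NO_DEP")
    for s in pe.sections:
        c = s.characteristics
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            f.append(f"WX_SECTION:{s.name}")
        if c & IMAGE_SCN_CNT_UNINITIALIZED_DATA and s.raw_size:
            f.append(f"UNINIT_WITH_RAW_DATA:{s.name}")  # contradictory flags, as on .rsrc above
        share = 100 * s.raw_size // pe.file_size if pe.file_size else 0
        if c & IMAGE_SCN_MEM_WRITE and not c & IMAGE_SCN_CNT_CODE and share >= 50:
            f.append(f"BULK_IN_WRITABLE:{s.name}({share}%)")  # packed or staged payload shape
        if s.name == ".tls" and s.raw_size > 0x10000:
            f.append("OVERSIZED_TLS")  # a real TLS template is a few hundred bytes to a few KB
    return f


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not the real sample): headers mirror the report, section bodies are zeros."""
    R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
    INIT, UNINIT = IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA
    layout = [  # name, virtual size, RVA, raw size, characteristics
        (b".text", 8 * 1024, 0x1000, 7 * 1024, IMAGE_SCN_CNT_CODE | X | R),
        (b".rdata", 12 * 1024, 0x3000, 8 * 1024, INIT | R),
        (b".data", 4 * 1024, 0x6000, 1 * 1024, INIT | R | W),
        (b".tls", 412 * 1024, 0x7000, 409 * 1024, INIT | R | W),
        (b".rsrc", 40 * 1024, 0x6E000, 11 * 1024, INIT | UNINIT | R),
    ]
    headers_size, opt_size = 0x400, 96 + 16 * 8  # PE32 optional header with 16 data directories
    dos = bytearray(b"MZ" + bytes(62))
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, 0x010F)  # i386; RELOCS_STRIPPED|EXE|...|32BIT
    opt = bytearray(opt_size)  # every data directory stays zero, so there is no certificate table
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x78000, headers_size)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 3, 0x8000)  # Subsystem=CUI, DllCharacteristics=TERMINAL_SERVER_AWARE only
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    sec_hdrs, bodies, raw_ptr = bytearray(), bytearray(), headers_size
    for name, vsize, va, rsize, flags in layout:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, raw_ptr, 0, 0, 0, 0, flags)
        bodies += bytes(rsize)
        raw_ptr += rsize
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sec_hdrs)
    return head + bytes(headers_size - len(head)) + bytes(bodies)
```

Run it on a real file with `assess(parse_pe(open(path, "rb").read()))`. One caveat on the UNSIGNED tag: an empty security directory only proves there is no embedded Authenticode signature. Windows components are frequently catalog-signed and carry no certificate table at all, so on a file you expect to be legitimate confirm with `Get-AuthenticodeSignature` or `signtool verify /a` before treating the finding as malicious. The BULK_IN_WRITABLE and OVERSIZED_TLS tags are the ones that separate this sample's layout from a normal compiler output and point at the section to dump first.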