59567cbf5a358e1a87dbf4e68d025af5

Sharing

Copy URL Twitter E-mail

General

Target

59567cbf5a358e1a87dbf4e68d025af5
Size

176KB
MD5

59567cbf5a358e1a87dbf4e68d025af5
SHA1

3b994ac7635258478ef2a2d6713e4ec10505fcda
SHA256

75dbed870bbdc9719d8d08f62db946b77782ab97f2b8a3a8fcd0133b9b6aef36
SHA512

8c74c01d3530e63a464526f730722e7198fe997edba63e8d7be8e1a0d221b580ab8c4ca4ac6644f33341b772e7a3b62316c71457d96de5020120e2928cf4d533
SSDEEP

3072:gOVv7ErfyAzUU1Ws/GBMExDQ1LkrZOxyK0yb30gWn6ecNgNdQ6ToL3pGZMyFpq:gOFwfyAzUUT/AMOD+LeZ8bEn0iN26TQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59567cbf5a358e1a87dbf4e68d025af5

Files

59567cbf5a358e1a87dbf4e68d025af5
.exe windows:4 windows x86 arch:x86

a5cbb723523ee97ec48067e82dc2c4e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

user32

EnumChildWindows
IsWindow
GetDlgItem
DestroyWindow
CreateWindowExW
SendMessageA
GetWindowThreadProcessId

ole32

CoGetMalloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
StringFromGUID2

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

iphlpapi

GetIpAddrTable

advapi32

OpenServiceW
OpenSCManagerW
QueryServiceLockStatusW
StartServiceA
GetSecurityDescriptorControl
RegRestoreKeyW
GetSecurityInfo
ChangeServiceConfig2W
IsValidAcl
InitializeAcl
RegSetValueExW
EqualSid
RegOpenKeyExW
SetEntriesInAclW
LockServiceDatabase
InitializeSecurityDescriptor
RegGetKeySecurity
FreeSid
RegDeleteKeyW
GetNamedSecurityInfoW
CreateServiceW
SetNamedSecurityInfoW
QueryServiceConfigW
DeleteService
ChangeServiceConfigW
LookupPrivilegeDisplayNameA
RegEnumKeyExW
RegQueryValueExW
GetTokenInformation
RegCreateKeyExW
AllocateAndInitializeSid
LookupAccountSidW
ControlService
GetInheritanceSourceW
AdjustTokenPrivileges
RegCloseKey
SetEntriesInAclA
OpenProcessToken
AddAce
SetSecurityInfo
LookupPrivilegeValueA
GetAce
EnumDependentServicesW
CloseServiceHandle
QueryServiceStatus
IsValidSecurityDescriptor
RegSaveKeyW
GetAclInformation
UnlockServiceDatabase
LookupPrivilegeNameA
SetSecurityDescriptorDacl
FreeInheritedFromArray
RegDeleteValueW
RegEnumValueW

rpcrt4

UuidCreate

setupapi

SetupGetLineTextA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsA
SetupOpenInfFileA
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiDeleteDeviceInfo
SetupDiGetClassDevsA
SetupDiClassNameFromGuidW
SetupDiCreateDeviceInfoList
SetupDiClassGuidsFromNameW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiBuildClassInfoList
SetupCopyOEMInfW
SetupCloseInfFile
SetupGetInfFileListA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

GetCalendarInfoW
CloseHandle
SetFilePointer
InitializeCriticalSection
DeviceIoControl
GetEnvironmentStringsW
GetStringTypeW
MultiByteToWideChar
FileTimeToSystemTime
GetTimeZoneInformation
GetExitCodeProcess
HeapAlloc
CreateProcessW
CreateWaitableTimerA
ExpandEnvironmentStringsW
SetEnvironmentVariableA
SetWaitableTimer
SetUnhandledExceptionFilter
GetSystemDirectoryW
EnterCriticalSection
WriteConsoleA
GetModuleHandleA
HeapFree
CancelWaitableTimer
SetStdHandle
GetLocaleInfoA
SystemTimeToFileTime
GetCommandLineA
HeapDestroy
DeleteCriticalSection
GetTimeFormatA
GetSystemTimeAsFileTime
GetFileAttributesW
TlsSetValue
UnhandledExceptionFilter
GetConsoleOutputCP
RaiseException
GetTempPathW
FreeEnvironmentStringsA
HeapCreate
LoadLibraryExW
GetStdHandle
GetEnvironmentVariableW
GetProcAddress
TlsAlloc
SetEvent
DeleteFileW
ReadFile
SetFileAttributesW
QueryPerformanceCounter
GetCurrentThreadId
CompareStringA
GetSystemTime
CreateDirectoryW
WriteConsoleW
GetTickCount
CreateFileW
GetLastError
TerminateProcess
GetConsoleCP
EnumResourceNamesA
MoveFileExW
FlushFileBuffers
WriteFile
GetConsoleMode
SetHandleCount
CreateEventA
LCMapStringA
CreateFileMappingA
GetVersionExA
WideCharToMultiByte
SetLastError
Sleep
HeapReAlloc
GetCurrentProcess
VirtualAlloc
GetVersionExW
FreeEnvironmentStringsW
RtlUnwind
VirtualFree
GetCPInfo
LocalFree
GetDateFormatA
LoadLibraryA
HeapSize
GetProcessHeap
TlsFree
GetModuleFileNameA
SetEndOfFile
GetEnvironmentStrings
InitializeCriticalSection
GetFileType
LCMapStringW
CreateThread
FileTimeToLocalFileTime
InterlockedDecrement
CreateFileA
IsDebuggerPresent
WaitForSingleObject
MapViewOfFile
ResetEvent
GetACP
GetCurrentProcessId
LocalAlloc
InterlockedIncrement
FreeLibrary
GetOEMCP
UnmapViewOfFile
TlsGetValue
CopyFileW
ExitProcess
GetStartupInfoA
GetModuleHandleW
IsValidCodePage
LeaveCriticalSection
CompareStringW
GetStringTypeA

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5cbb723523ee97ec48067e82dc2c4e9

Headers

File Characteristics

Imports

newdev

shell32

user32

ole32

mprapi

iphlpapi

advapi32

rpcrt4

setupapi

kernel32

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 74KB - Virtual size: 73KB

.rsrc Size: 1024B - Virtual size: 244KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 244KB