59d80435be4f03e1c4cc2e53bc26b0ac

Sharing

Copy URL Twitter E-mail

General

Target

59d80435be4f03e1c4cc2e53bc26b0ac
Size

80KB
MD5

59d80435be4f03e1c4cc2e53bc26b0ac
SHA1

74adcbdc372b6c983ec4ea26cd90d819cb19b4da
SHA256

7049ff1cfb78599cac4fbbb0a45a665f38c1e1c52b736be1eaf8d9c58881cf31
SHA512

000f16ddb3255d2d039ff116ca5ed9e094d208707cf82b25611ac4c6362e532a0c3c120de3537235b4010217098f95a609e97ad37b05e672604778b38d9098fd
SSDEEP

1536:QTzZ8pCriFE788OuMhCr8Rcea9N5d518EC9tT0x2uGQ:q2c887Mh8t9V5Cx9tT0oZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59d80435be4f03e1c4cc2e53bc26b0ac

Files

59d80435be4f03e1c4cc2e53bc26b0ac
.dll windows:4 windows x86 arch:x86

29d891b863addfdd231c0ce103f0a662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameW
IsValidLocale
HeapCompact
PostQueuedCompletionStatus
SetFileTime
FindVolumeMountPointClose
DeleteVolumeMountPointW
GetTempPathA
GlobalMemoryStatusEx
GetDateFormatW
IsBadWritePtr
FlushConsoleInputBuffer
IsBadStringPtrW
GetDiskFreeSpaceA
GetTimeFormatA
FindNextVolumeW
LocalFileTimeToFileTime
LocalAlloc
WinExec
CallNamedPipeA
HeapSetInformation
CreateTimerQueue
SetStdHandle
WaitForSingleObjectEx
GetCommProperties
EnumUILanguagesW
GetStringTypeW
WriteConsoleInputA
GetUserDefaultUILanguage
FindNextFileW
CreatePipe
LocalHandle
SetEndOfFile
SetCommState
VirtualAllocEx
DeleteFileW
GetConsoleOutputCP
GlobalAddAtomW
GlobalFlags
GetSystemTime
SetupComm
FileTimeToSystemTime
GetVolumePathNameW
CompareStringA
VirtualQuery
GetCurrentProcessId
MapViewOfFile
CreateFileA
UnmapViewOfFile
GetSystemTimeAsFileTime
EnterCriticalSection
lstrlenA
InterlockedCompareExchange
GetSystemDirectoryA
Sleep
InterlockedExchange
WaitForSingleObject
CreateFileMappingA
GetLastError
LoadLibraryA
SetConsoleCtrlHandler
GetProcAddress

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

StrRetToStrW
StrStrIW
UrlUnescapeW
PathRenameExtensionW
UrlCombineW
PathRemoveBackslashW
PathSetDlgItemPathW
SHGetValueA

advapi32

ImpersonateSelf
RegOpenKeyExA
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
CredDeleteW
MakeAbsoluteSD
StartServiceW
SetThreadToken
ReportEventA
CreateServiceW
StartServiceA
QueryServiceLockStatusW
RegConnectRegistryA
RegQueryInfoKeyW
RegCreateKeyExA
CredGetSessionTypes
EnumServicesStatusA
LogonUserW
RegCreateKeyA
LogonUserA
QueryServiceConfigA
ObjectCloseAuditAlarmW
RegisterEventSourceA

gdi32

ArcTo
Polygon
GetBrushOrgEx
SetICMMode
SetViewportOrgEx
GetObjectW
CreateFontA
SetROP2
GetKerningPairsA
PlayEnhMetaFile
GetBkColor
CreateFontIndirectA
GetBitmapDimensionEx
CreateEnhMetaFileA
GetObjectA
GetWinMetaFileBits
SetDCBrushColor
GetRegionData
GetNearestPaletteIndex
TextOutA

Exports

Exports

CRLComms32

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29d891b863addfdd231c0ce103f0a662

Headers

File Characteristics

Imports

kernel32

oleaut32

shlwapi

advapi32

gdi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB