59cd7810b2ade259c8ca4367d56c16b1

Sharing

Copy URL

Twitter E-mail

General

Target

59cd7810b2ade259c8ca4367d56c16b1
Size

115KB
MD5

59cd7810b2ade259c8ca4367d56c16b1
SHA1

4b6e289d9c12eda3a4e17ca481f6ce4bea306cdf
SHA256

dfa3efbd11baa46667fe85472b84301e1c99fba68087d1b5d7c0ad17295c31fb
SHA512

8d39148b7be921676c87666503689d7cfc2c96cad26fea1cc810e887a563f2e99c28137074f7a8f5dcdd88cd6634237a2d34e30bc7546824f31e1096cea95e61
SSDEEP

3072:JQIURUKx5MordTMT3twQWj1W/XtnJbitx089:Jvz86pOkzG

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
59cd7810b2ade259c8ca4367d56c16b1
unpack001/39e8d7e57cf5fe1ef5cc5c74a7c851f1.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

59cd7810b2ade259c8ca4367d56c16b1
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
39e8d7e57cf5fe1ef5cc5c74a7c851f1.exe
.exe windows:5 windows x86 arch:x86

6a6d302ff9fa189ba377deee72e77550

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorW
GetMenuCheckMarkDimensions
KillTimer
GetClipboardOwner
CharNextA
EnableScrollBar
ValidateRect
CharUpperW
GetWindowDC
IsCharAlphaNumericW
DestroyCursor
GetUserObjectInformationW
SendMessageA

comdlg32

ChooseColorA
CommDlgExtendedError
ChooseFontA

urlmon

CoInternetCreateZoneManager
CoInternetCreateSecurityManager
URLDownloadToFileW

shell32

ExtractIconA
ExtractAssociatedIconA
ShellAboutA
DragQueryFileA
ShellExecuteExW
DragFinish
DoEnvironmentSubstW
ShellExecuteA

ole32

OleSetMenuDescriptor
CoTaskMemAlloc
StringFromCLSID
CoDisconnectObject
CoUninitialize
OleDraw
CoTaskMemFree
IsAccelerator
OleRegEnumVerbs
CreateStreamOnHGlobal
OleUninitialize
ReleaseStgMedium
OleInitialize
CoLockObjectExternal
CoGetClassObject
CoDosDateTimeToFileTime
MonikerCommonPrefixWith
CoFreeAllLibraries
GetHGlobalFromILockBytes
OleSetContainedObject
ProgIDFromCLSID
CoCreateInstance
RevokeDragDrop
CoGetInterfaceAndReleaseStream
CoInitialize
CreateILockBytesOnHGlobal
CLSIDFromProgID
RegisterDragDrop

advapi32

OpenProcessToken
PrivilegeCheck
RegNotifyChangeKeyValue
RegSaveKeyA
EnumDependentServicesW
ConvertToAutoInheritPrivateObjectSecurity
RegQueryMultipleValuesW
RegQueryMultipleValuesA
CloseEventLog
InitializeSecurityDescriptor

wininet

InternetGetConnectedState
FindNextUrlCacheEntryExW
FindFirstUrlCacheEntryExW
InternetSetOptionW
InternetReadFile
InternetQueryOptionW
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW

ws2_32

gethostbyaddr
listen
getprotobynumber
closesocket
setsockopt
bind
select

dbghelp

SymGetLineFromAddr
SymEnumSourceFiles
SymGetSymFromName64
SymEnumerateSymbolsW
SymGetSymNext64
SymGetModuleInfo64

mpr

WNetEnumResourceA
WNetEnumResourceW
WNetOpenEnumA
WNetGetResourceInformationW
WNetAddConnection3W
WNetDisconnectDialog

shlwapi

PathRemoveFileSpecW

winmm

auxOutMessage
waveInGetDevCapsA
mmioGetInfo
PlaySoundA
waveInOpen
mixerGetControlDetailsA

kernel32

LoadLibraryW
HeapReAlloc
HeapAlloc
LCMapStringW
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
GetConsoleCP
ExitProcess
GetTimeZoneInformation
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
Sleep
IsValidCodePage
GetOEMCP
GetACP
HeapFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
CreateFileW
WriteFile
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
RegisterWaitForSingleObject
RequestWakeupLatency
SetFileAttributesA
GlobalDeleteAtom
SetConsoleCursorInfo
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
SetEvent
CreateEventA
GetLastError
CreateThread

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 2KB - Virtual size: 2KB

6a6d302ff9fa189ba377deee72e77550

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

urlmon

shell32

ole32

advapi32

wininet

ws2_32

dbghelp

mpr

shlwapi

winmm

kernel32

Sections

.text Size: 69KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 69KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 68KB - Virtual size: 67KB