5a851063952d20c2dc695144f1d31e90

Sharing

Copy URL Twitter E-mail

General

Target

5a851063952d20c2dc695144f1d31e90
Size

96KB
MD5

5a851063952d20c2dc695144f1d31e90
SHA1

ecb60bbb4cd957ddc4b90a8e1d355f24f620574a
SHA256

ac44984789985da0138ef0ada81fa60a80d0243312bcce3c900389a53fa47baf
SHA512

1b252c48953bda2f2e1b7dcb7da97587c1bee80f0be6d11b0ea44d0d19c48378205719c6418e503a6be5da1d1a2e1667d450bebcb7c17de1c2835fb17f073a7e
SSDEEP

1536:mQ+0Zg/NcpGRkCKlTquvK+jTUsRFo2KsuJ7C9M/LaC2/wCBi:Xg2CNTC1RFo2hO7CKLaLwCBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a851063952d20c2dc695144f1d31e90

Files

5a851063952d20c2dc695144f1d31e90
.exe windows:4 windows x86 arch:x86

2fe71ebcebb870bb310feedc99e719e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

SendARP

ws2_32

WSAGetLastError
WSAStartup
inet_addr
inet_ntoa
WSACleanup
gethostname
gethostbyname

ntdll

ZwClose
RtlAllocateHeap
ZwQueryInformationToken
ZwOpenProcessToken
RtlUnwind
RtlFreeHeap

advapi32

GetUserNameW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CreateProcessWithLogonW

shell32

CommandLineToArgvW
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathAppendW
StrChrW

user32

RegisterClassExW
DefWindowProcW
PostQuitMessage
GetThreadDesktop
GetUserObjectInformationW
FindWindowW
PostMessageW
wsprintfW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW

psapi

EnumProcesses
GetModuleFileNameExW

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
CallNamedPipeW
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
MultiByteToWideChar
SetFilePointer
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
CloseHandle
ReadFile
CreateFileW
lstrcatW
GetModuleFileNameW
GetComputerNameA
lstrcmpiW
OpenProcess
lstrlenW
SetLastError
GetLastError
GetProcessHeap
GetCurrentProcess
lstrcpyW
GetEnvironmentVariableW
GetCurrentProcessId
ExpandEnvironmentStringsW
GetVersionExW
WritePrivateProfileStringW
CopyFileW
WaitForSingleObject
CreateProcessW
LocalFree
GetComputerNameW
GetCurrentThreadId
Sleep
GetExitCodeProcess
CreateMutexW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateThread
GetCommandLineW
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapAlloc
TlsSetValue
TlsAlloc
TlsGetValue
TerminateProcess
HeapReAlloc
HeapSize

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fe71ebcebb870bb310feedc99e719e8

Headers

File Characteristics

Imports

iphlpapi

ws2_32

ntdll

advapi32

shell32

shlwapi

user32

psapi

kernel32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 24KB