5af885c0800799861827423bd6e00af9

Sharing

Copy URL

Twitter E-mail

General

Target

5af885c0800799861827423bd6e00af9
Size

296KB
MD5

5af885c0800799861827423bd6e00af9
SHA1

5ddf67efdf3b84499f20f453a3babb5ce8802643
SHA256

4b529f8c3fc4cc19ec6ef37819318393a5c5e39f90663b22de3b7410575a7009
SHA512

7ff27ad78fd495a7b003d589ee80f23fa23cf396d026adcb8ba073a2fdbdcf3620dfa0b8e36e6d01eb3bf3f4e5df8fd24e7e48d33cc6c3d0f365cb0351904f68
SSDEEP

6144:47EuDInp6g5dsMweSToKxd2JfMRK8A/KlE+LKA7hCALjJSR3CSu/PZlDXvSe1A:iDahjw0Kxd2JfMR5rQcURNuXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5af885c0800799861827423bd6e00af9

Files

5af885c0800799861827423bd6e00af9
.exe windows:5 windows x86 arch:x86

c772d702847957867f702cca2d956d1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCtrlHandler
SetProcessShutdownParameters
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
GetComputerNameA
GetVersionExA
GetProcAddress
FreeLibrary
ReleaseMutex
CreateMutexA
LoadLibraryA
IsBadWritePtr
CreateEventA
IsBadReadPtr
WriteFile
SetFilePointer
CreateFileA
LocalFree
FormatMessageA
CreateThread
TerminateThread
SuspendThread
GetTickCount
ResetEvent
CopyFileA
MoveFileA
DeleteFileA
SetCommTimeouts
GetCommTimeouts
ClearCommError
ReadProcessMemory
OpenProcess
GetCurrentThread
GetSystemDirectoryA
GetWindowsDirectoryA
MoveFileExA
ReleaseSemaphore
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
ReadFile
CreateNamedPipeA
SetNamedPipeHandleState
RtlUnwind
ResumeThread
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
TlsAlloc
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
CloseHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
SetUnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleFileNameA
Sleep
CreateProcessA
OpenEventA
SetEvent
OpenSemaphoreA
CreateSemaphoreA
GetLastError
GetExitCodeThread
SetLastError
UnhandledExceptionFilter

user32

wsprintfA
PostMessageA
RegisterWindowMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA
UnregisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
IsWindow
CreateWindowExA
RegisterClassA
LoadCursorA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
FreeSid
RegSetKeySecurity
StartServiceA
SetSecurityDescriptorOwner
ControlService
InitializeAcl
AddAccessAllowedAce
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus
AllocateAndInitializeSid
ImpersonateNamedPipeClient
RevertToSelf
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
OpenThreadToken
DuplicateToken
SetThreadToken
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
QueryServiceConfigA
QueryServiceStatus
OpenSCManagerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
OpenServiceA
CreateServiceA
DeleteService
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase

winspool.drv

GetPrinterDataA
EnumPortsA
ClosePrinter
GetPrinterDriverA
OpenPrinterA
EnumPrintersA
DeleteMonitorA
AddPortA

mpr

WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

RpcServerRegisterIf
RpcServerListen
RpcServerUseProtseqA
NdrFullPointerXlatInit
NdrPointerUnmarshall
NdrFullPointerXlatFree
NdrConformantStringBufferSize
RpcEpRegisterA
RpcServerInqBindings
NdrConformantArrayMarshall
NdrSimpleStructMarshall
NdrComplexStructBufferSize
NdrComplexStructMarshall
NdrClientInitializeNew
I_RpcGetCurrentCallHandle
NdrGetBuffer
NdrSendReceive
NdrFreeBuffer
NdrServerInitializeNew
NdrConvert
RpcRaiseException
I_RpcGetBuffer
NdrConformantArrayUnmarshall
NdrAllocate
NdrSimpleStructUnmarshall
NdrConformantStringUnmarshall
NdrComplexStructUnmarshall
NdrPointerFree
RpcBindingVectorFree
RpcRevertToSelf
RpcImpersonateClient
NdrConformantArrayBufferSize
NdrConformantStringMarshall
RpcServerUnregisterIf
RpcEpUnregister
RpcMgmtWaitServerListen
RpcMgmtStopServerListening

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c772d702847957867f702cca2d956d1c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winspool.drv

mpr

version

rpcrt4

Sections

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 44KB - Virtual size: 53KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 44KB - Virtual size: 53KB

.rsrc
Size: 4KB - Virtual size: 3KB