5b1c43c6ab0f7fccf5a3cfd6ea7e0a86

Sharing

Copy URL Twitter E-mail

General

Target

5b1c43c6ab0f7fccf5a3cfd6ea7e0a86
Size

244KB
MD5

5b1c43c6ab0f7fccf5a3cfd6ea7e0a86
SHA1

c926bbd88fbc44e2fc4737c093f8ea23a6b17b10
SHA256

e7c913866aee6cef76ead85372e2ba006e656684127543963dd05acda70079c2
SHA512

20a88d46bdadd87624adeeab9cdbf8d652ed2ba33092da427646c0e783854b37dc407c0ed849f6257d5c94457c79c38b7cc98f42c7159e50ebca706b0cdcde25
SSDEEP

6144:L+60LBKy7QxYUT9xnHLC7DNbNDbB2ieTBjRqVYaW7:6qyEB9xnHe/NbNDIieTxRqQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b1c43c6ab0f7fccf5a3cfd6ea7e0a86

Files

5b1c43c6ab0f7fccf5a3cfd6ea7e0a86
.exe windows:5 windows x86 arch:x86

a1214dfd1db8a904f72da14cd8266b8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
RaiseException
GetLastError
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
InterlockedIncrement
GetCurrentThreadId
SetLastError
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GlobalHandle
GlobalFree
lstrlenA
CloseHandle
CreateFileW
GetFileSize
ReadFile
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetTickCount
LoadLibraryW
GetProcAddress
FileTimeToSystemTime
LoadLibraryA
GetSystemDirectoryW
WideCharToMultiByte
WriteFile
Sleep
WaitForMultipleObjects
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
lstrlenW
GetStringTypeA
WaitForSingleObject
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
CreateThread
ExitThread
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
FreeLibrary
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
TerminateThread
ResumeThread
GetStringTypeW
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
HeapDestroy
EnterCriticalSection
SetEvent
InitializeCriticalSection
CreateEventW
HeapAlloc
HeapFree
LCMapStringA

advapi32

RegQueryInfoKeyW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW

comctl32

InitCommonControlsEx

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

mapi32

ord17
ord75
ord140
ord135

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
OleRun
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoCreateInstance

oleaut32

GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SystemTimeToVariantTime
VariantChangeType
VarUdateFromDate
VariantCopy
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysFreeString
VariantInit
VarUI4FromStr
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen

user32

GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
PostMessageW
IsWindow
UnregisterClassA
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
GetDesktopWindow
DefWindowProcW
RegisterClassExW
LoadCursorW
SetWindowLongW
DestroyAcceleratorTable
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
MessageBoxW
KillTimer
PostQuitMessage
SetTimer
GetSystemMetrics
LoadImageW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendDlgItemMessageW
MapDialogRect
IsDialogMessageW
SetWindowContextHelpId
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
SendMessageW
GetClassNameW
GetSysColor
RedrawWindow

wsock32

setsockopt
WSAStartup
send
recv
shutdown
accept
listen
WSAGetLastError
bind
htons
htonl
WSACleanup
socket
closesocket

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1214dfd1db8a904f72da14cd8266b8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

mapi32

ole32

oleaut32

user32

wsock32

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: - Virtual size: 19KB

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: - Virtual size: 19KB