5b5588cc36b50bb43c451b4ee2c4e2a6

Sharing

Copy URL Twitter E-mail

General

Target

5b5588cc36b50bb43c451b4ee2c4e2a6
Size

418KB
MD5

5b5588cc36b50bb43c451b4ee2c4e2a6
SHA1

b12b7701821da2293ddf746ba57203ebe2960d62
SHA256

4d5f21e033f3fd8dfe5e46c70bec8d1331ed5ddbde68add87890f555bc3d80d6
SHA512

75cb6b08cc1a886f1c7e1b1e03574087dbca6610ef4af232f26736b6898df353733064baed2d526689327b6bcb3e30eba06c0c930e490601fe0b536da6d4af40
SSDEEP

12288:5WGI/Ib/1U9ZjD+M57hxPLtOHSlUKu5V5:9I/8uTVnt9u5V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b5588cc36b50bb43c451b4ee2c4e2a6

Files

5b5588cc36b50bb43c451b4ee2c4e2a6
.exe windows:4 windows x86 arch:x86

8f275ea2b341be09eafa85bf5635750a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
TlsGetValue
WaitNamedPipeW
SetConsoleWindowInfo
GetCommandLineA
GlobalAddAtomA
GetTimeFormatA
ContinueDebugEvent
GetDateFormatA
GetOEMCP
EnterCriticalSection
LoadLibraryExW
SetEnvironmentVariableA
VirtualProtect
InterlockedExchange
GetCurrentProcessId
InitializeCriticalSection
CreateFileW
HeapReAlloc
GetUserDefaultLCID
GetLongPathNameA
QueryPerformanceCounter
GetCurrentThreadId
TlsFree
HeapSize
SetComputerNameA
GetStringTypeA
VirtualFree
GetModuleHandleA
LoadLibraryA
WriteFile
WideCharToMultiByte
GetDiskFreeSpaceA
WritePrivateProfileStructA
IsValidLocale
TlsAlloc
VirtualQuery
GetLocaleInfoA
ExitProcess
GetLocaleInfoW
LCMapStringA
HeapCreate
SetHandleCount
DeleteCriticalSection
EnumResourceTypesW
LCMapStringW
GetLastError
GetTickCount
CompareStringW
GetStringTypeW
HeapDestroy
CreateNamedPipeW
GetStdHandle
GetCurrentThread
VirtualAlloc
SetConsoleCP
TlsSetValue
SetLastError
PulseEvent
TerminateProcess
HeapFree
IsValidCodePage
GetCommandLineW
WritePrivateProfileStringW
GetStartupInfoA
GetTimeZoneInformation
GetProcAddress
GetSystemInfo
GetCurrentProcess
RtlUnwind
GetEnvironmentStrings
SetPriorityClass
HeapAlloc
CompareStringA
FreeEnvironmentStringsW
MultiByteToWideChar
UnhandledExceptionFilter
GetFileType
EnumSystemLocalesA
GetSystemTimeAsFileTime
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
SetConsoleTitleA
GetACP
GetVersionExA
LeaveCriticalSection
GetEnvironmentStringsW

wininet

ShowClientAuthCerts
InternetHangUp

advapi32

CryptGetHashParam
RegRestoreKeyA
RegReplaceKeyW
InitiateSystemShutdownW
RegCreateKeyExW
RegQueryValueA
CryptGetUserKey
CryptSetProviderExW
CryptSignHashA
RegOpenKeyExW
InitiateSystemShutdownA
CreateServiceW
RegEnumKeyExA
CryptEnumProviderTypesW
CryptCreateHash
RegEnumKeyW
LogonUserW
CryptReleaseContext
ReportEventW
LookupPrivilegeValueW
RegSetValueA
CryptContextAddRef
CryptGetProvParam

shell32

DragQueryPoint
SHGetFileInfo
SHGetFileInfoA

user32

GetMonitorInfoA
GetWindowPlacement
MessageBoxExW
ToAsciiEx
CloseWindow
SetMenuItemInfoW
GetMonitorInfoW
GetClassInfoA

comdlg32

LoadAlterBitmap

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f275ea2b341be09eafa85bf5635750a

Headers

File Characteristics

Imports

kernel32

wininet

advapi32

shell32

user32

comdlg32

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 8KB - Virtual size: 30KB

.data Size: 277KB - Virtual size: 277KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 8KB - Virtual size: 30KB

.data
Size: 277KB - Virtual size: 277KB

.rsrc
Size: 13KB - Virtual size: 12KB