5b6e543edfa91d4733b8f8a1cff2921e

Sharing

Copy URL Twitter E-mail

General

Target

5b6e543edfa91d4733b8f8a1cff2921e
Size

345KB
MD5

5b6e543edfa91d4733b8f8a1cff2921e
SHA1

d29b7d0e8118fd487e520f2d6e6ef0107d823c44
SHA256

4e26ecc868574ff341970e4750c5970d9a361e5c9be9407a7174476d57dc5900
SHA512

063a00b52f022c6477e66eddb92e0113cede7c115194894e74fcece9783ccf4b2cd5e63676fcdb52a131f950e404f464c776f2d42118b21b23f6f98d839f9da2
SSDEEP

6144:9Kz8ywwxa0ZQI6Navsz/g9YU+/WpXaB/8Elj1YcwIOl+HXefAH/ynyoqq/:9K8DD0aVavsz//UKWpXaJ8EXEIOl+Ofb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b6e543edfa91d4733b8f8a1cff2921e

Files

5b6e543edfa91d4733b8f8a1cff2921e
.exe windows:4 windows x86 arch:x86

4981e2b1a605ae3634950019aaa2aa2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

VirtualQuery
GetModuleHandleA
OpenMutexW
GetFileType
CreateMutexA
GetStdHandle
OpenMutexA
VirtualProtect
SetHandleCount
GetSystemTime
EnumResourceLanguagesA
GetLastError
GetCommandLineA
ContinueDebugEvent
TlsAlloc
GetProcAddress
SetStdHandle
InitializeCriticalSection
HeapFree
QueryPerformanceCounter
GetLocalTime
GetStartupInfoA
HeapAlloc
GetCurrentProcess
MultiByteToWideChar
SetLastError
WriteConsoleOutputCharacterA
HeapCreate
WideCharToMultiByte
GetTickCount
HeapReAlloc
GetCurrentThreadId
FreeEnvironmentStringsW
VirtualAlloc
LCMapStringW
HeapDestroy
TerminateProcess
GetCommandLineW
TlsFree
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsA
CompareStringW
RtlUnwind
SetEnvironmentVariableA
CompareStringA
GetModuleFileNameA
LCMapStringA
GetModuleFileNameW
GetCurrentThread
GetStringTypeW
LoadLibraryA
GetCurrentProcessId
InterlockedIncrement
DeleteCriticalSection
RaiseException
FlushFileBuffers
GetEnvironmentStrings
GetSystemTimeAsFileTime
InterlockedDecrement
GetStringTypeA
SetFilePointer
TlsGetValue
VirtualFree
GetVersion
CloseHandle
GetSystemDefaultLCID
GetWindowsDirectoryW
GetStartupInfoW
TlsSetValue
EnterCriticalSection
MoveFileA
UnhandledExceptionFilter
GetTimeZoneInformation
InterlockedExchange
ReadFile
WriteFile
LeaveCriticalSection
LocalFlags
ExitProcess
IsBadWritePtr

user32

GetWindowTextLengthA
OpenDesktopA
DdeSetQualityOfService
RegisterClassA
OffsetRect
InternalGetWindowText
GetProcessDefaultLayout
DefMDIChildProcA
SetMenuContextHelpId
DdeImpersonateClient
EnumClipboardFormats
SwapMouseButton
InvalidateRgn
CharPrevW
GetDoubleClickTime
GetMonitorInfoW
MonitorFromPoint
EnumPropsW
ScrollWindow
SendNotifyMessageA
GetWindowModuleFileNameW
SetScrollPos
SetMenuInfo
GetComboBoxInfo
LoadImageW
RegisterClassExA

advapi32

CryptSetProvParam
RegCreateKeyExA
DuplicateToken
CryptVerifySignatureA
StartServiceA
LookupPrivilegeValueA
LookupPrivilegeNameA
RegQueryMultipleValuesW
CryptSetHashParam
CryptAcquireContextA
RegOpenKeyExW
StartServiceW
RegConnectRegistryA
RegQueryValueExA
InitiateSystemShutdownW
CryptCreateHash
LookupAccountNameA
CryptSetProviderExA

shell32

SHAppBarMessage

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4981e2b1a605ae3634950019aaa2aa2e

Headers

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

shell32

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 5KB - Virtual size: 16KB

.data Size: 204KB - Virtual size: 204KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 5KB - Virtual size: 16KB

.data
Size: 204KB - Virtual size: 204KB

.rsrc
Size: 3KB - Virtual size: 2KB