5b75ce9bd38d59c8ce99f2eb7ea9fe38

Sharing

Copy URL Twitter E-mail

General

Target

5b75ce9bd38d59c8ce99f2eb7ea9fe38
Size

288KB
MD5

5b75ce9bd38d59c8ce99f2eb7ea9fe38
SHA1

45a1541097150f9aae46de35b6913a6f02c26428
SHA256

1b36ffb52d933ff6b785208f2a1e5cdfba46d55f8cc847a5dc9ce352d47b8eb4
SHA512

9d2e19a41cd2a9d673a9342b7281d7be7525785845a6dd9de44307dad73e4ef168c39dbdc90f0b695a5a2f2d7f01e45cd36fa8ee851428923357b12d17abfe62
SSDEEP

6144:JZ/XDkF7bG5xswDdswFNEDRBq5j1+90lbiL/wf2l98IWdU:JZ/XD4mxswDzWKY4iL4f2l98ZU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b75ce9bd38d59c8ce99f2eb7ea9fe38

Files

5b75ce9bd38d59c8ce99f2eb7ea9fe38
.exe windows:5 windows x86 arch:x86

8102ad64326d5f9f213055471f3c4de5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrA
StrNCatA
StrChrA
wnsprintfA
StrToIntA
StrStrIA
PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetTempPathA
GetExitCodeProcess
GetFileAttributesA
MoveFileExA
Process32First
OpenProcess
TerminateProcess
Process32Next
CreateToolhelp32Snapshot
MultiByteToWideChar
GetModuleHandleA
InterlockedDecrement
WideCharToMultiByte
OpenMutexA
GetComputerNameA
FindResourceA
FreeResource
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
MulDiv
GlobalUnlock
GlobalFree
LockResource
GetFullPathNameA
DosDateTimeToFileTime
SetFileTime
GetFileTime
LocalFileTimeToFileTime
GetLocaleInfoA
RtlUnwind
FlushFileBuffers
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentDirectoryA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
HeapSize
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
GetConsoleMode
GetConsoleCP
GetFileType
GetModuleHandleW
LeaveCriticalSection
HeapReAlloc
lstrcmpiA
SetCurrentDirectoryA
CreateThread
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
GetVersionExA
GetLocalTime
lstrcpyA
LocalFree
LocalAlloc
GetVolumeInformationA
SetFilePointer
CreateMutexA
GetModuleFileNameA
GetLastError
CreateDirectoryA
ReadFile
CreateProcessA
Sleep
GetTickCount
SleepEx
WaitForSingleObject
GetFileSize
ExitProcess
WritePrivateProfileStringA
DeleteFileA
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
lstrcatA
GetWindowsDirectoryA
GetCurrentProcess
FreeLibrary
lstrcpynA
lstrlenA
CloseHandle
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
CreateFileA
lstrcmpA
InitializeCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentStringsW
EnterCriticalSection
GetSystemTimeAsFileTime

user32

GetKeyState
GetFocus
IsWindowEnabled
SetCursor
UnregisterClassA
ExitWindowsEx
DrawFocusRect
SetWindowLongA
GetWindowDC
DrawEdge
UpdateWindow
DrawTextA
GetWindowTextLengthA
GetDC
GetWindowTextA
InvalidateRect
IsDlgButtonChecked
PostMessageA
CheckRadioButton
EnableWindow
EndPaint
FillRect
GetParent
BeginPaint
ReleaseDC
GetDlgItem
SetWindowTextA
GetDlgCtrlID
DestroyWindow
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadIconA
GetClientRect
SetFocus
SendMessageA
IsDialogMessageA
TranslateMessage
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
SetWindowPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
MessageBoxA
FindWindowA

gdi32

LPtoDP
GetDeviceCaps
DPtoLP
SetMapMode
GetMapMode
CreateDIBitmap
CreateCompatibleBitmap
GetTextExtentPointA
TextOutA
BitBlt
SetTextColor
DeleteDC
CreateFontA
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectA
GetStockObject
CreateSolidBrush

advapi32

AdjustTokenPrivileges
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueA
SetNamedSecurityInfoA
RegDeleteValueA
CheckTokenMembership
RegOpenKeyExA
RegOpenKeyA
SetFileSecurityA
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
OpenProcessToken

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture
VariantClear

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8102ad64326d5f9f213055471f3c4de5

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 15KB - Virtual size: 26KB

.cdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 15KB - Virtual size: 26KB

.cdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 17KB - Virtual size: 17KB