5bd29673242748c2d0c55e6e44368ef3

Sharing

Copy URL

Twitter E-mail

General

Target

5bd29673242748c2d0c55e6e44368ef3
Size

169KB
MD5

5bd29673242748c2d0c55e6e44368ef3
SHA1

e8f86281f5dc3cfb127c5fb1c81df3da157d8e6d
SHA256

1dddb0aa71c06b7156e209a6aea9617df1a63cdff1c036cec117dbc8cc45a6ff
SHA512

fcee6ded798dbb55da32835f47e1eb8e89a3658369cec017991e0175e0a2d342e54055bf6bbf706cf19ec79a8f5fd863427726f486f111fab43beddd0c710f0b
SSDEEP

3072:x8VrNHfUrpPKC+8QxyOE5uPzIyV4e5dkTBfRn2cxDl:crNcr1KL8OEkIyVP5dkTBJ2cxR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bd29673242748c2d0c55e6e44368ef3

Files

5bd29673242748c2d0c55e6e44368ef3
.exe windows:5 windows x86 arch:x86

d2ec20e42a19ab1f9cf7820357319f5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenSystemStoreA
CertEnumCertificatesInStore
CertNameToStrA
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore

ntdll

NtQueryObject
_itoa
strtoul
strncpy
sprintf
RtlAdjustPrivilege
NtQuerySystemInformation
_strlwr
strncmp
NtClose
NtQueryInformationThread
NtQueryInformationProcess
NtProtectVirtualMemory
NtWriteVirtualMemory
memcmp
wcslen
atoi
wcscpy
sscanf
NtDuplicateObject
_strcmpi
strcmp
RtlCompareUnicodeString
_chkstk
_vsnprintf
_snprintf
strcat
strcpy
memset
isalnum
RtlRandom
strlen
memcpy
strstr
NtReadVirtualMemory
_allmul

wininet

InternetQueryOptionA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetSetStatusCallback
GetUrlCacheEntryInfoW
FindCloseUrlCache

shlwapi

StrStrA
SHGetValueA
SHDeleteValueA
PathCombineA
SHRegSetUSValueA
StrCmpNIA
StrStrW
StrStrIA

wtsapi32

WTSFreeMemory

kernel32

SystemTimeToFileTime
DuplicateHandle
CloseHandle
HeapFree
HeapValidate
HeapAlloc
GetProcessHeap
GetTickCount
lstrcatA
DeleteFileA
GetLastError
GetLocalTime
TerminateThread
WriteFile
WaitNamedPipeA
CreateFileA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
DisconnectNamedPipe
FlushFileBuffers
ReadFile
IsBadReadPtr
OutputDebugStringA
GetCurrentThreadId
CreateThread
Sleep
GetModuleFileNameA
CreateMutexA
SetLastError
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
FileTimeToSystemTime
ConnectNamedPipe
CreateNamedPipeA
lstrcpyA
GetExitCodeThread
WaitForSingleObject
ExitProcess
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExA
HeapReAlloc
FreeLibrary
MultiByteToWideChar
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
FlushInstructionCache
WideCharToMultiByte
OpenProcess
IsBadWritePtr
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetComputerNameA
lstrcmpA
GetWindowsDirectoryA
TerminateProcess
CreateProcessA
GetSystemDirectoryA
OpenMutexA
SetThreadPriority
GetThreadPriority
RemoveDirectoryA
MoveFileExA
GetTempFileNameA
GetTempPathA
ExitThread
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
SetFileAttributesW
GetFileAttributesW
CreateRemoteThread
DeleteFileW
CreateFileW
SetEvent
CreateDirectoryA
lstrlenA
CreateEventA
lstrlenW
SetNamedPipeHandleState
WaitNamedPipeW
lstrcatW
lstrcpyW
SetFileAttributesA
VirtualAlloc
VirtualProtect
VirtualFree
LocalFileTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileTime
GetCurrentProcessId

user32

LoadCursorA
GetIconInfo
DrawIcon
ReleaseDC
ToUnicode
wsprintfA
GetDesktopWindow
GetCursorPos
GetWindowRect
GetWindowDC
CharLowerA
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetKeyboardState
EnumWindows

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegQueryValueExA
GetUserNameA
CryptReleaseContext
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExA
CryptAcquireContextW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA

ole32

CreateStreamOnHGlobal

ws2_32

getpeername
ntohs
WSAGetLastError
inet_ntoa
inet_addr
htons

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2ec20e42a19ab1f9cf7820357319f5c

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ntdll

wininet

shlwapi

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 109KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 109KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 8KB - Virtual size: 7KB