Static task: static1
Behavioral task: behavioral1
  Sample: 5bb6092965115f102c1687fa14d9a93c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 5bb6092965115f102c1687fa14d9a93c.exe
  Resource: win10v2004-20231215-en
General
Target: 5bb6092965115f102c1687fa14d9a93c
Size: 44KB
MD5: 5bb6092965115f102c1687fa14d9a93c
SHA1: d14c4761f2bae30f92186c424c357cb87abcc388
SHA256: 5304be8c263645762b8a6ba7b0f7ea9483e93c00b7993ee6f810bb4e647cee90
SHA512: bacdae0065ee460db08d49208d38e990224e136095cf59004f164f56910c952e5e8e10171a50b5b21314d813bd79feee228c493db55ffdf585c067767687241a
SSDEEP: 768:L+hTCk+GEvSfgmq0lIHUUX/GKG06iUi1iLQtal2:Sh+eq0+H//VoWictal2
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 5bb6092965115f102c1687fa14d9a93c
Files
5bb6092965115f102c1687fa14d9a93c.exe windows:4 windows x86 arch:x86
3d741deff3ac77c88f9553a29412866a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenEventW
OpenProcess
InterlockedDecrement
WaitForSingleObject
HeapFree
GetProcessHeap
InterlockedIncrement
HeapAlloc
lstrlenA
CreateEventW
lstrcmpiW
Sleep
InitializeCriticalSection
DeleteCriticalSection
FindClose
FindNextFileW
FindFirstFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
WTSGetActiveConsoleSessionId
GetCurrentProcess
SetEvent
WaitForMultipleObjects
FormatMessageW
LocalAlloc
GetLocalTime
CreateFileW
SetFilePointer
WriteFile
CloseHandle
GetLastError
GetModuleFileNameW
lstrcatW
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
lstrlenW
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
GetACP
GetCommandLineW
QueryPerformanceCounter
ExitProcess
GetModuleHandleA
HeapSize
HeapReAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
user32
MessageBoxW
wsprintfW
advapi32
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
GetLengthSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
CreateProcessAsUserW
SetServiceStatus
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
shell32
CommandLineToArgvW
ole32
StringFromGUID2
oleaut32
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
msvcp71
?_Nomemory@std@@YAXXZ
wtsapi32
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
msvcr71
_onexit
?terminate@@YAXXZ
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_CxxThrowException
_snwprintf
_vsnwprintf
wcslen
free
malloc
memmove
_vscwprintf
vswprintf
??3@YAXPAX@Z
__CxxFrameHandler
realloc
_beginthreadex
wcscat
__p___argc
wcsspn
wcscspn
wcsrchr
_except_handler3
??_V@YAXPAX@Z
memset
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_adjust_fdiv
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___winitenv
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_controlfp
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ