5c24dbf97f5b49739190a53724fc52d3

Sharing

Copy URL

Twitter E-mail

General

Target

5c24dbf97f5b49739190a53724fc52d3
Size

126KB
MD5

5c24dbf97f5b49739190a53724fc52d3
SHA1

54615cb441c3772779b599fefa10b2d5f5a1bccf
SHA256

c67ae8ffaeaa53f474912515ac85b3fbe42739ce3e6a15f365d4e8de76f13eb7
SHA512

f32a201286a982997a05b3f522daf47b1f2027d3b11a0eb563ff33ce5cc62adb06c38ad05a88684bb750195f396e6eae5b0e243fb67d15491044062031f24d52
SSDEEP

3072:y4crk7PTUxriZiPeM27LlNi8SikblPS3FLpMMYYNgeG0jS:ypSGe/7LlNi8Mx63FOMNge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c24dbf97f5b49739190a53724fc52d3

Files

5c24dbf97f5b49739190a53724fc52d3
.exe windows:6 windows x86 arch:x86

1101b5ccf082394a67f3b350d2a2714e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
EventRegister
EventUnregister
EventWrite
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
LookupAccountNameW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RevertToSelf
GetSecurityDescriptorLength
ImpersonateLoggedOnUser
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RegQueryValueExW
RegDeleteKeyExW
LookupAccountSidW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

GlobalUnlock
GlobalLock
MapViewOfFile
GlobalFree
GlobalAlloc
GetHandleInformation
SetErrorMode
GetCurrentProcessId
HeapSetInformation
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetVersionExW
CreateFileW
CreateFileMappingW
FindResourceExW
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjects
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
UnmapViewOfFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
SetPriorityClass
SetLastError
ExpandEnvironmentStringsW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
lstrlenA
GetLastError
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
GetVersionExA
GetModuleFileNameW
SetEvent
GetProcessTimes
GetCurrentProcess
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentThread
GetThreadTimes

msvcrt

_iob
fprintf
_wcsnicmp
_purecall
malloc
free
_itow_s
strncmp
wcsncmp
bsearch
_controlfp
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
memcpy
_wtoi
memset
wcsncpy_s
_CxxThrowException
memcpy_s
__CxxFrameHandler3
_vsnwprintf
_ultow
_wcsicmp
_vsnprintf
strerror

user32

UnregisterClassA
LoadStringW
CharNextW

ole32

CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoTaskMemRealloc
CoUninitialize
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoGetMarshalSizeMax
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VarUI4FromStr

tquery

?ciDelete@@YGXPAX@Z
?ciNewNoThrow@@YGPAXI@Z

imm32

ImmDisableIME

msshooks

LoadMSSearchHooks

mscoree

LockClrVersion

shlwapi

SHRegGetValueW

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1101b5ccf082394a67f3b350d2a2714e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

oleaut32

tquery

imm32

msshooks

mscoree

shlwapi

Sections

.text Size: 75KB - Virtual size: 74KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 33KB

.text
Size: 75KB - Virtual size: 74KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 33KB