8b52923082c664afa67500ae80c054e8

Sharing

Copy URL

Twitter E-mail

General

Target

8b52923082c664afa67500ae80c054e8
Size

256KB
MD5

8b52923082c664afa67500ae80c054e8
SHA1

e6306b4524fbae814612ff7f0e911b31e2d26d45
SHA256

4a10c8e2ac46b520e8b20904dfeb85467dcf4181a7b4264e843f67c7f0487577
SHA512

32ec8638df3f4e95bd670135c8794fa86767dfcf82fa398a44c9d32621a25a02f02f4fe8d37c0a80251cf37a083976163f4543757d79f0753d9ca3479ade3dde
SSDEEP

6144:s/v+QxpMTIxiOSvY987haFsKv8zI/DRuG+kHf1tDoI:sHxpMUcOSvY987UsOMtQnr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b52923082c664afa67500ae80c054e8

Files

8b52923082c664afa67500ae80c054e8
.exe windows:4 windows x86 arch:x86

0b0ea648b180ed5cf3b5298c0c0eda3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

user32

CharNextW
DestroyIcon
DestroyWindow

ole32

CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemRealloc

shell32

SHGetFolderPathW

ws2_32

send
htonl

oleaut32

VariantClear
VarUI4FromStr
SysFreeString
SysAllocString
VariantInit

shlwapi

PathAddBackslashW

psapi

GetPerformanceInfo

rpcrt4

UuidCreate

kernel32

FindNextFileW
IsWow64Process
LocalAlloc
HeapDestroy
LocalFree
LeaveCriticalSection
HeapFree
CreateFileW
HeapReAlloc
DisconnectNamedPipe
TlsSetValue
ReleaseMutex
HeapSize
FindResourceExW
SetWaitableTimer
GetCurrentThreadId
lstrlenA
FindClose
WaitForMultipleObjectsEx
CancelWaitableTimer
DeleteCriticalSection
GetProcessHeap
EnterCriticalSection
FormatMessageW
FindResourceW
ResumeThread
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
FreeLibrary
WriteFile
CreateEventW
SizeofResource
HeapAlloc
LoadLibraryExW
SetEndOfFile
IsDebuggerPresent
CreateProcessW
CreateMutexW
GetFileSizeEx
WideCharToMultiByte
CreateSemaphoreW
lstrlenW
ReleaseSemaphore
GetSystemTimeAsFileTime
RegisterWaitForSingleObject
CloseHandle
SetFileAttributesW
SetUnhandledExceptionFilter
ResetEvent
GetSystemInfo
CreateDirectoryW
GlobalFree
UnhandledExceptionFilter
LockResource
LoadResource
GetLocalTime
CancelIo
UnregisterWaitEx
FindFirstFileW
ConnectNamedPipe
CreateWaitableTimerW
CreateNamedPipeW
ReadFile
WaitForSingleObject
DisableThreadLibraryCalls
RaiseException
SetFilePointerEx
GetOverlappedResult
lstrcmpiW
GetModuleHandleW
IsValidCodePage
VirtualAllocEx

advapi32

CryptReleaseContext
MakeSelfRelativeSD
OpenProcessToken
RegOpenKeyExW
CopySid
RegDeleteKeyW
CryptAcquireContextW
TraceMessage
GetAclInformation
CryptGenRandom
CryptCreateHash
InitializeAcl
GetLengthSid
GetTraceLoggerHandle
CryptDestroyHash
GetSecurityDescriptorLength
GetTraceEnableFlags
AddAce
CryptDestroyKey
RegCreateKeyExW
RegEnumKeyExW
SetNamedSecurityInfoW
ControlTraceW
GetSecurityDescriptorSacl
GetTraceEnableLevel
CryptHashData
IsValidSid
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
GetTokenInformation
GetSecurityDescriptorGroup
UnregisterTraceGuids
RegisterTraceGuidsW
RegQueryInfoKeyW
RegSetValueExW
GetSecurityDescriptorOwner
ConvertSidToStringSidW
GetAce
GetSecurityDescriptorDacl
CryptGetHashParam
GetSecurityDescriptorControl
RegQueryValueExW

mscms

CreateColorTransformW
IsColorProfileTagPresent
SetColorProfileElementReference
SetStandardColorSpaceProfileW
DeleteColorTransform
GetColorProfileElementTag

modemui

CountryRunOnce

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TA
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.felE
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QDf
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 213KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b0ea648b180ed5cf3b5298c0c0eda3d

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

user32

ole32

shell32

ws2_32

oleaut32

shlwapi

psapi

rpcrt4

kernel32

advapi32

mscms

modemui

Sections

.text Size: 19KB - Virtual size: 19KB

.TA Size: 2KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 4KB

.dj Size: 2KB - Virtual size: 1KB

.felE Size: 1KB - Virtual size: 11KB

.QDf Size: 1KB - Virtual size: 12KB

.data Size: 213KB - Virtual size: 240KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 19KB - Virtual size: 19KB

.TA
Size: 2KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 4KB

.dj
Size: 2KB - Virtual size: 1KB

.felE
Size: 1KB - Virtual size: 11KB

.QDf
Size: 1KB - Virtual size: 12KB

.data
Size: 213KB - Virtual size: 240KB

.rsrc
Size: 11KB - Virtual size: 11KB