9c5a8c0e51a0f375c343a95865e5b41d

Sharing

Copy URL

Twitter E-mail

General

Target

9c5a8c0e51a0f375c343a95865e5b41d
Size

268KB
MD5

9c5a8c0e51a0f375c343a95865e5b41d
SHA1

5d7b07ab90eff9a917215d1d7e8dade4e3c478d3
SHA256

bb823a531fb214c6dce2df3078f8db37a871bf36dfa90865696e137e43828df2
SHA512

dc360d7ebd351eca948c043703a59c2b0e643894b995dc1390775fb671e3a534fc0200742b0539161b58e4e1d1071fe17bd8a9984b05b8cd5a7bd50feb02588b
SSDEEP

6144:Noth3ZWsX8t1Ysv4FlqnRxVDjdC56LBNJR476fQQd:Noj3ctvv4XqRxVDRv1k6fH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c5a8c0e51a0f375c343a95865e5b41d

Files

9c5a8c0e51a0f375c343a95865e5b41d
.exe windows:4 windows x86 arch:x86

c99a56fb9ecd318f8578eede9dc990e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
VerFindFileA
VerInstallFileA

comdlg32

GetFileTitleW
GetOpenFileNameW

comctl32

ImageList_AddMasked
ImageList_DragLeave
ImageList_SetOverlayImage
ImageList_Add

advapi32

ReportEventW
RegReplaceKeyW
IsValidSid
SetSecurityDescriptorDacl
QueryServiceConfigA
LookupPrivilegeValueA
GetSidLengthRequired
RegLoadKeyA
RegOpenKeyW
LookupAccountSidA
QueryServiceStatus
AccessCheckAndAuditAlarmA
GetSidSubAuthorityCount
LookupAccountNameW
RegUnLoadKeyA
DestroyPrivateObjectSecurity
MapGenericMask
RegSaveKeyA
CryptImportKey
OpenServiceA
GetPrivateObjectSecurity
ChangeServiceConfigA
RegRestoreKeyW
ReportEventA
SetSecurityDescriptorOwner
LogonUserA
UnlockServiceDatabase
RegRestoreKeyA

shell32

SHFileOperationA
ExtractIconExW
SHAddToRecentDocs
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetDesktopFolder
ShellExecuteA
SHBrowseForFolderA
FindExecutableA

kernel32

FormatMessageW
GetModuleHandleA
WritePrivateProfileSectionW
GetCurrentDirectoryW
InitializeCriticalSection
SetCommMask
FreeLibrary
GetLongPathNameA
GetSystemTime
VirtualAlloc
lstrlenA
Beep
GetSystemTimeAdjustment
GetProfileStringA
GetConsoleCursorInfo
GetEnvironmentVariableW
SetFileTime
GetSystemInfo
SetErrorMode
GetFileInformationByHandle
VirtualLock
SetLastError
FindResourceExW
FreeResource
GetCommandLineW
lstrcmpiW
SystemTimeToFileTime
ConnectNamedPipe
AllocConsole
MultiByteToWideChar
ScrollConsoleScreenBufferA
GlobalFindAtomA
GetSystemTimeAsFileTime
EnumSystemCodePagesA
CreateProcessA
GlobalAddAtomW
RemoveDirectoryW
SetEnvironmentVariableA
FlushConsoleInputBuffer
FormatMessageA
LocalLock
CreateEventA
SetEvent
FindFirstFileExW
ExitThread
CompareStringW
VirtualFree
SetConsoleWindowInfo
ClearCommBreak
VirtualQueryEx
ReadDirectoryChangesW
GenerateConsoleCtrlEvent
lstrcpynA
_lread
SetProcessAffinityMask
TlsGetValue
GetThreadContext
IsBadWritePtr
GetWindowsDirectoryA
DeleteCriticalSection
GetFileAttributesA
GlobalFindAtomW
SetThreadPriorityBoost
GetTapeParameters
GetCommModemStatus
WriteFile
GetHandleInformation
GlobalFlags
EnumResourceLanguagesW
TryEnterCriticalSection
SetProcessWorkingSetSize
MoveFileW
SetupComm
GetFullPathNameA
RaiseException
VirtualProtect
LocalReAlloc
CompareStringA
SetConsoleMode
GetShortPathNameW
SuspendThread
GetCommState
ReadConsoleOutputA
CreateWaitableTimerA
OpenSemaphoreW
GlobalAddAtomA
SetSystemTime
QueryDosDeviceW
SizeofResource
EnumResourceNamesW
CreateIoCompletionPort
IsDBCSLeadByteEx
PeekNamedPipe
GetCurrentProcess
GetDiskFreeSpaceExA
_lclose
GetCompressedFileSizeW
GetVersion
GetFileType
GetStartupInfoA

user32

SendNotifyMessageW
GetClipboardFormatNameW
PostThreadMessageW
EnumDisplaySettingsExW
EnumDesktopsA
DefWindowProcW
CharNextExA
WaitMessage
CloseDesktop
LoadMenuW
LoadBitmapA
RemoveMenu
IsChild
SetProcessWindowStation
FrameRect
DragDetect
CharLowerW
SetWinEventHook
SetTimer
MenuItemFromPoint
wvsprintfW
GetSystemMenu
CharLowerBuffW
CreateMDIWindowW
SetWindowsHookExW
SetWindowTextW
GetClassInfoExW
SwitchToThisWindow
InsertMenuW
FlashWindow
SetPropA
ActivateKeyboardLayout
DrawMenuBar

oleaut32

SafeArrayGetLBound
SysAllocStringLen
SafeArrayPutElement
QueryPathOfRegTypeLi
SafeArrayGetElement
SysFreeString
LoadTypeLibEx
VariantCopy
SafeArrayUnaccessData
SetErrorInfo

gdi32

CreateDIBPatternBrush
GetTextMetricsW
InvertRgn
CreateBitmapIndirect
RectVisible
MoveToEx

ole32

OleQueryLinkFromData
CoRegisterClassObject
CreateBindCtx
CoGetClassObject
CoTaskMemRealloc

msvcrt

strtod
_wcsdup
system
_mbsicmp
tmpnam
strrchr
mbtowc
strncmp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memchr
wcsncpy
_mbstrlen
wcscmp
_popen
_chdir
_strlwr
memmove
_stricmp
_pclose
isdigit
_c_exit
ctime
fgetc
_ultow
_sys_errlist
localeconv
_filelength
_endthread
free
longjmp
_ismbcspace
_ltoa
freopen
_dup
getc
_beginthread
_getche
wprintf
ungetc
_fullpath
_controlfp
strerror
setvbuf
_wstrdate
fseek
_mbsstr
fread
fwprintf
isspace
getenv
iswprint
_strncoll
_mbsnicmp
sprintf
_cwait
_get_osfhandle
_open
_ultoa
__doserrno

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c99a56fb9ecd318f8578eede9dc990e1

Headers

File Characteristics

Imports

version

comdlg32

comctl32

advapi32

shell32

kernel32

user32

oleaut32

gdi32

ole32

msvcrt

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 17KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 17KB