9c5c5d411a7db1adf3b0d15aed9204b4

Sharing

Copy URL Twitter E-mail

General

Target

9c5c5d411a7db1adf3b0d15aed9204b4
Size

330KB
MD5

9c5c5d411a7db1adf3b0d15aed9204b4
SHA1

506f100adb9a9b71cb60ccaa0735c28641152078
SHA256

8814afa27cbc5ffd60f356e138bfbf2d556c9b3e4a7776ff30f050a03f75f52b
SHA512

c8a44931b12ea498430559ec78a142b6378c226634da99915c44d3553035552d66e8bbbafb231aa54fe9bb3cf58bfa7966632c657871390db7a8fedf1b44fde0
SSDEEP

6144:dthPDN+ZSKLo1Wq0YM0PLh+/Xb6A3eKVE1OzX2oQkzeuNu:NLNbKLo1Wt/Y+/X73wvrT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c5c5d411a7db1adf3b0d15aed9204b4

Files

9c5c5d411a7db1adf3b0d15aed9204b4
.exe windows:5 windows x86 arch:x86

6ce2695b675eb029dd0a9e539719dc94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
LoadLibraryExW
GetUserDefaultLCID
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetFileSize
CreateFileW
SetEndOfFile
ReadFile
WriteFile
DeleteFileW
GetLongPathNameW
RemoveDirectoryW
CreateDirectoryW
GetModuleFileNameW
FindClose
FindFirstFileW
SetFileAttributesW
CopyFileW
FindNextFileW
LocalFree
LocalAlloc
lstrlenA
GetTempPathW
GetFullPathNameW
GetDriveTypeW
SwitchToThread
TlsSetValue
CreateSemaphoreA
SetLastError
LoadLibraryW
lstrcmpiW
WaitForSingleObject
CloseHandle
FreeLibrary
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
SetFilePointer
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TlsAlloc
InitializeCriticalSection
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
GetStartupInfoW
TerminateProcess
LoadLibraryA
GetFileType
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
GetFileAttributesA
SetFileTime

user32

GetMessageW
MessageBoxW
LoadStringW
TranslateMessage
CharNextW
PostThreadMessageW
DispatchMessageW
EndPaint
SetActiveWindow
BeginPaint
UnpackDDElParam
ReuseDDElParam

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CoResumeClassObjects

oleaut32

VarUI4FromStr
SafeArrayCreateVector
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarR8FromDec

shlwapi

AssocQueryStringW

gdi32

EndPage
GetPolyFillMode
ModifyWorldTransform
EndDoc

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce2695b675eb029dd0a9e539719dc94

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

gdi32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 10KB - Virtual size: 9KB