Sample
d50eb6ac48c4f15ca7d58154faaca091cbce0f9cce65258b2dc058ba20e2a9af.exe
Resource
win7-20231215-en
General
-
Target
d50eb6ac48c4f15ca7d58154faaca091cbce0f9cce65258b2dc058ba20e2a9af
-
Size
2.2MB
-
MD5
d9686c00d919d300055923f450fed573
-
SHA1
08224a43d79b9cbec5f7a31ba893af9bfb4d321a
-
SHA256
d50eb6ac48c4f15ca7d58154faaca091cbce0f9cce65258b2dc058ba20e2a9af
-
SHA512
118472d1543d39a0b3e15f0506cec8f1a8ce14ab8e40a1087c84f4754c06728d7d30c9345f59b7b898156087939d9221e28187c340a0b71bc55ccd95e921d5ee
-
SSDEEP
49152:HGb0dh9eITG7dfWnByb1Tjr4mubO8OP47Nrs2Dsb9d0rlFQmLT3:mb0z9eIT8deAbxjr4m8V7NrV4+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource d50eb6ac48c4f15ca7d58154faaca091cbce0f9cce65258b2dc058ba20e2a9af
Files
-
d50eb6ac48c4f15ca7d58154faaca091cbce0f9cce65258b2dc058ba20e2a9af.exe windows:5 windows x86 arch:x86
514f19b7802fce2e214f36fe79a66707
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
SHDeleteKeyW
kernel32
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetPrivateProfileIntW
WritePrivateProfileStringW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
GetLongPathNameW
CreateDirectoryW
SetFileAttributesW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
lstrcpyW
GetFileAttributesExW
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
Sleep
GetLogicalDriveStringsW
GetCurrentProcess
GetVolumeInformationW
GetTickCount
GetVersionExW
ReleaseMutex
CreateMutexW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
RtlUnwind
EncodePointer
SetLastError
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetStartupInfoW
SetUnhandledExceptionFilter
SetConsoleMode
ReadConsoleInputA
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
GetSystemTime
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetPrivateProfileStringW
TerminateProcess
OpenProcess
GetTempPathW
CreateThread
lstrlenW
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
QueryPerformanceFrequency
IsProcessorFeaturePresent
ExitProcess
FindClose
GetSystemDirectoryW
LoadLibraryW
CloseHandle
GetProcAddress
FreeLibrary
QueryDosDeviceW
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
SleepEx
InitializeCriticalSection
GetFileAttributesExA
FormatMessageA
advapi32
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
RegOpenKeyW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
CryptGetUserKey
CryptExportKey
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CloseServiceHandle
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExA
RegEnumKeyW
CryptCreateHash
CryptDecrypt
DeregisterEventSource
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ole32
CoCreateInstance
CoInitialize
CoUninitialize
user32
LoadStringW
wsprintfW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
crypt32
CertOpenStore
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
wldap32
ord301
ord200
ord30
ord35
ord143
ord22
ord41
ord26
ord27
ord79
ord217
ord32
ord50
ord60
ord211
ord46
ord33
ws2_32
htonl
gethostbyname
getservbyname
shutdown
send
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
bind
closesocket
connect
recv
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 401KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 45KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 144KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE