b517f2b53aceedb899dc4e776defa7b8

Sharing

Copy URL Twitter E-mail

General

Target

b517f2b53aceedb899dc4e776defa7b8
Size

2.1MB
MD5

b517f2b53aceedb899dc4e776defa7b8
SHA1

1ec6ee655d9a52cad6b4d04690f7f0fc9fbecf53
SHA256

e545bdec5e180f72bfb29d020f8b79e72bdea8f21f531ec59cbac44acf238397
SHA512

2e64e7f9543a845edba47a3a54b0adce623dcce8d55cd14f0b28ade0ae5d5549162d065e0f49f77a3df41e53ca55623374f045b64d2eb24923185467a4ca13af
SSDEEP

49152:uprw1wdRCLtoVYaC7u7e4MjjAcXj8AP6kBXLfHFrbM5w:up01wdRCLtoVZqdjjAcwY9XLfBbMe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b517f2b53aceedb899dc4e776defa7b8

Files

b517f2b53aceedb899dc4e776defa7b8
.exe windows:5 windows x86 arch:x86

40e5571dca1f8845898a85b95ea1dec6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
LocalFree
WriteProcessMemory
CreateThread
GetFileSize
GetFileAttributesA
ReadFile
GetCompressedFileSizeA
Module32First
VirtualProtectEx
LoadLibraryA
VirtualProtect
Module32Next
CompareStringW
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
LocalAlloc
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
SetLastError
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ExitProcess
GetModuleHandleW
HeapCreate
IsProcessorFeaturePresent
GetTimeZoneInformation
CreateFileMappingA
Process32Next
GetPrivateProfileStringA
VirtualAllocEx
EnterCriticalSection
CopyFileA
IsValidLocale
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
TerminateProcess
LeaveCriticalSection
SizeofResource
Sleep
TerminateThread
GetPrivateProfileIntA
OpenProcess
InitializeCriticalSection
GetSystemWow64DirectoryA
GetCommandLineA
GetWindowsDirectoryA
SetFileTime
CreateRemoteThread
GetCurrentThread
WaitForSingleObject
Process32First
GetCurrentProcess
LoadResource
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
HeapAlloc
RtlUnwind
RaiseException
UnmapViewOfFile
MapViewOfFile
FindResourceA
CreateFileA
GetCurrentProcessId
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
DeleteFileA
HeapFree
DeleteCriticalSection
DecodePointer
EncodePointer
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
SetEnvironmentVariableA

user32

SendMessageA
LoadIconA
MoveWindow
LoadCursorA
DestroyMenu
UpdateWindow
SetWindowTextA
InsertMenuA
GetSystemMetrics
ReleaseCapture
SystemParametersInfoA
DispatchMessageA
IsWindow
GetActiveWindow
CreatePopupMenu
EnumWindows
GetCursorPos
GetDesktopWindow
DefWindowProcA
ReleaseDC
CreateWindowExA
InvalidateRect
GetWindowPlacement
TranslateMessage
IsDialogMessageA
GetDC
BeginPaint
SetFocus
LoadBitmapA
SetForegroundWindow
SetCapture
TrackPopupMenu
PostQuitMessage
RegisterClassExA
MessageBoxA
GetWindowThreadProcessId
ShowWindow
EndPaint
ClientToScreen
DestroyWindow
GetMessageA
GetWindowRect

gdi32

CreateFontA
AddFontResourceExA
SetBkMode
DeleteObject
GetStockObject
CreateSolidBrush
SetTextColor

advapi32

FreeSid
OpenThreadToken
SetSecurityDescriptorGroup
AccessCheck
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
RegQueryValueExA
OpenProcessToken

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
FtpOpenFileA
InternetOpenA
FtpGetFileSize
InternetConnectA

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Add

ws2_32

recv
setsockopt
htons
inet_addr
WSAStartup
inet_ntoa
connect
socket
closesocket
gethostbyname
send

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleFileNameExA

gdiplus

GdiplusStartup
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipGetImageWidth

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40e5571dca1f8845898a85b95ea1dec6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

comctl32

ws2_32

version

psapi

gdiplus

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 17KB - Virtual size: 17KB