b54385cac7c7603add2cb77231e41c1b

Sharing

Copy URL

Twitter E-mail

General

Target

b54385cac7c7603add2cb77231e41c1b
Size

881KB
MD5

b54385cac7c7603add2cb77231e41c1b
SHA1

db31ba72546dbe482780a7bfb7ef78a0b71be588
SHA256

52ad041c41c1b4669ed463c47cf66e6a3e63ed90130838b4661940d1e82774e3
SHA512

339eb019fde04bb24363a9a222fecb27de57fb82906fb01773a0c8e36ec219e2243541229b314f287c89242ed9e2e0d0b1ac78014bbaf6fd93919e34d21881fe
SSDEEP

12288:1QFPuq4zGk02X49/H05yyTpNjrQlAwVlAwL3m5YVdh1Dshk1+bDdy7:cuq8X4FH0MyTpNjMlhlQu3yZy7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b54385cac7c7603add2cb77231e41c1b

Files

b54385cac7c7603add2cb77231e41c1b
.exe windows:5 windows x86 arch:x86

6795e293445dafc70853c5024da9df57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup

kernel32

CloseHandle
WritePrivateProfileStringA
CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringA
ReadFile
IsBadWritePtr
EnterCriticalSection
GetCurrentProcess
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
GetLastError
GetCurrentThread
DeleteFileA
RaiseException
GetSystemInfo
LoadLibraryW
FileTimeToLocalFileTime
GetProcAddress
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
lstrcpyW
GetSystemTimeAsFileTime
GlobalMemoryStatus
IsBadReadPtr
GetPrivateProfileIntA
VirtualQuery
GetFileTime
SetUnhandledExceptionFilter
FileTimeToDosDateTime
WaitForSingleObject
CreateEventW
SetEvent
CreateProcessA
OpenEventA
TerminateProcess
CreateMutexA
CreateEventA
GetFileAttributesW
FreeLibrary
GetVersion
GetWindowsDirectoryA
CreateDirectoryA
lstrcpynA
MultiByteToWideChar
GlobalFree
GetLocalTime
WriteFile
SetEndOfFile
FindClose
GetFileAttributesA
TerminateThread
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
GetTickCount
OutputDebugStringA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Module32FirstW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineA
GetProcessHeap
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
FreeLibraryAndExitThread
ExitThread
GlobalAlloc
CreateFileA
lstrlenA
UnmapViewOfFile
GetModuleFileNameA
lstrcpyA
GetVersionExW
WriteConsoleW
ReadConsoleW
WideCharToMultiByte
HeapSize
SetStdHandle
CreateThread
GetModuleHandleExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
ExitProcess

user32

CharLowerA
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
EndDialog
RegisterClassExW
LoadAcceleratorsW
LoadStringW
ShowWindow
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
PostQuitMessage
DialogBoxParamW
BeginPaint
EndPaint
wvsprintfW
MessageBoxA
wsprintfW
UpdateWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameW

dbghelp

MiniDumpWriteDump

psapi

GetModuleInformation

wininet

InternetSetOptionA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6795e293445dafc70853c5024da9df57

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

dbghelp

psapi

wininet

version

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 8KB - Virtual size: 17KB

.gfids Size: 1024B - Virtual size: 572B

.rsrc Size: 235KB - Virtual size: 234KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 8KB - Virtual size: 17KB

.gfids
Size: 1024B - Virtual size: 572B

.rsrc
Size: 235KB - Virtual size: 234KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB