c45e38ae494795adb6ccf3adc3eb734d

Sharing

Copy URL Twitter E-mail

General

Target

c45e38ae494795adb6ccf3adc3eb734d
Size

484KB
MD5

c45e38ae494795adb6ccf3adc3eb734d
SHA1

b87a0d5073e34865b9d94cd58c4ebb5317da4e14
SHA256

6763a8614d749240435afc92fbad1b1730cad709c50ca88d09d7f99660518992
SHA512

fcf3eb1f51bd87c9508a234f75e7b8c711c2ac5a177ec0a5480ffba5d02a1e6b89468699c853a4092ad8f1563e43e84db8a4ccce29ea4858978ee578b3e20f79
SSDEEP

6144:RRGH0u75S69USMyDPZYvSgL8mg7HHucJq6ojMKtfDuEmvrGInRXNl/OY1Xc:RRW0OfFSvSgL8mRodKpDu9/n/l+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c45e38ae494795adb6ccf3adc3eb734d

Files

c45e38ae494795adb6ccf3adc3eb734d
.exe windows:5 windows x86 arch:x86

50c0a4699493584e6fd1c146c36e6686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapFree
ReadProcessMemory
SetFilePointer
GetModuleFileNameA
VirtualProtect
VirtualQuery
VirtualFree
VirtualAlloc
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcpyA
CreateEventA
CreateThread
CloseHandle
GetModuleHandleA
SetEvent
GetTickCount
WaitForSingleObject
WideCharToMultiByte
Sleep
FindResourceExA
FindResourceA
HeapAlloc
TerminateThread
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
DeleteFileA
GetCurrentProcessId
OpenMutexA
CreateMutexA
GetLastError
GetCommandLineA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetStartupInfoA
ExitProcess
GetModuleHandleW
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalAlloc
SetErrorMode
GetDriveTypeA
GetComputerNameA
GetProcessTimes
DosDateTimeToFileTime
TerminateProcess
MoveFileExA
GetTempFileNameA
CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Module32First
GetVolumeInformationA
GetLocaleInfoA
GetComputerNameExA
CreateDirectoryA
OpenProcess
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
Process32First
Process32Next
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetVersionExA
GetShortPathNameA
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrlenW
FlushInstructionCache
lstrcmpA
SetLastError
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
HeapReAlloc
WaitForMultipleObjectsEx
ResumeThread
ReleaseMutex
WriteFile
FileTimeToSystemTime
GetVersion
GetFileSize
GetCurrentDirectoryA
OutputDebugStringA
GetExitCodeThread
FreeLibrary
GetProcAddress
LoadLibraryA
DeviceIoControl
LocalFree

user32

GetWindowLongA
ReleaseDC
SetRect
GetDC
SystemParametersInfoA
GetWindowRect
DefWindowProcA
SetWindowLongA
FindWindowExA
SendMessageA
PostMessageA
RedrawWindow
ReleaseCapture
SetWindowPos
GetCursorPos
SetCursor
PtInRect
ScreenToClient
GetFocus
GetParent
EnumWindows
GetWindowThreadProcessId
GetClassNameA
GetClientRect
GetWindowTextA
CreateDialogParamA
GetDesktopWindow
SetDlgItemTextA
UnregisterClassA
PostThreadMessageA
IsWindow
GetClassInfoExA
RegisterClassExA
BeginPaint
FillRect
DrawTextA
EndPaint
SetCapture
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetSystemMenu
EnableMenuItem
GetSysColorBrush
FrameRect
MoveWindow
GetSysColor
LoadImageA
GetSystemMetrics
CharNextA
ClientToScreen
InvalidateRect
InvalidateRgn
IsChild
GetDlgItem
CallWindowProcA
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableA
SetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
AttachThreadInput
GetForegroundWindow
FindWindowA
InflateRect
SetTimer
KillTimer
BringWindowToTop
SetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectA
SetBkMode
SetTextColor
PatBlt
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

RegQueryValueExA
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptVerifySignatureA
CryptImportKey
CryptCreateHash
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
DuplicateTokenEx
ConvertSidToStringSidA
LookupAccountNameA

ole32

CLSIDFromString
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysStringLen
OleLoadPicture
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveArgsA
UrlEscapeA
PathAddExtensionA
PathAppendA
PathQuoteSpacesA
PathFileExistsA
PathCombineA
PathStripPathA
PathRemoveExtensionA
PathFindExtensionA
PathUnquoteSpacesA
PathStripToRootA

ws2_32

WSACreateEvent
WSARecv
closesocket
WSASocketA
WSAEventSelect
WSASetEvent
WSACleanup
freeaddrinfo
getaddrinfo
WSASetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAResetEvent
WSAStartup
WSASend
WSAGetOverlappedResult
WSAConnect

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crepe
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50c0a4699493584e6fd1c146c36e6686

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

shlwapi

ws2_32

Sections

.text Size: 289KB - Virtual size: 289KB

.crepe Size: 5KB - Virtual size: 5KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 36KB - Virtual size: 36KB

.rsrc Size: 66KB - Virtual size: 66KB

.text
Size: 289KB - Virtual size: 289KB

.crepe
Size: 5KB - Virtual size: 5KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 66KB - Virtual size: 66KB