c5086b9ebb3c7f0539f89b0af286d6c6

Sharing

Copy URL Twitter E-mail

General

Target

c5086b9ebb3c7f0539f89b0af286d6c6
Size

454KB
MD5

c5086b9ebb3c7f0539f89b0af286d6c6
SHA1

643728cdf292404a39e00aab7ab83acd6879c427
SHA256

8d3c7b757dce8643ac885522f933324117337ca161067ea29ee2df011e70ea5d
SHA512

e363bd576c9c4aa26739488d31458cb67ab3d1068331a04d0ef6932de744fa1e74d4e90edea8cdfd337be519cce43d08312d6ba04a81ee6954ae0298c3258d3f
SSDEEP

12288:KImiw2RydBWF5ihg6fZqrIABY+COAABZ5YE8n:KJyaJfAIAqvOrBZKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5086b9ebb3c7f0539f89b0af286d6c6

Files

c5086b9ebb3c7f0539f89b0af286d6c6
.exe windows:4 windows x86 arch:x86

a4d1df02d826267253f9e2f809324798

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

SetUrlCacheEntryGroupA
InternetConfirmZoneCrossingA
FtpPutFileW
InternetWriteFileExA
HttpQueryInfoW
RegisterUrlCacheNotification
FindFirstUrlCacheGroup

advapi32

CryptVerifySignatureW
RegCreateKeyExA
CreateServiceW
CryptGenRandom
CryptGetHashParam
LookupPrivilegeNameW
CryptDuplicateKey
CryptAcquireContextW
CryptSetProviderW
RegCreateKeyW
RegLoadKeyW
CryptDuplicateHash

comdlg32

LoadAlterBitmap
GetSaveFileNameA
PrintDlgA
PrintDlgW
FindTextW
GetSaveFileNameW
ChooseColorA
ChooseFontW
ChooseColorW
PageSetupDlgA
ReplaceTextW
GetOpenFileNameA
ChooseFontA
GetFileTitleA
ReplaceTextA
PageSetupDlgW
GetOpenFileNameW

user32

OemToCharBuffW
CharPrevA
EnumDisplayMonitors
GetWindowThreadProcessId
TrackPopupMenu
CheckMenuRadioItem
IsCharUpperW
ReleaseCapture
ScrollWindow
InvertRect
DlgDirListComboBoxW
CopyRect
DdeQueryNextServer
MsgWaitForMultipleObjectsEx
CloseClipboard
GetMessageTime
ScreenToClient
DefWindowProcW
IsMenu

kernel32

WideCharToMultiByte
GetCurrentProcessId
HeapSize
IsBadWritePtr
SetHandleCount
QueryPerformanceCounter
GetTimeFormatA
TlsAlloc
EnterCriticalSection
GetTimeZoneInformation
DeleteCriticalSection
RtlUnwind
GetUserDefaultLCID
GetCurrentThread
OpenFileMappingW
IsValidCodePage
GetTickCount
UnhandledExceptionFilter
AddAtomW
GetEnvironmentStringsW
HeapDestroy
HeapReAlloc
GetACP
InterlockedExchange
GetCommandLineA
GetModuleHandleA
IsValidLocale
LCMapStringW
MultiByteToWideChar
GetOEMCP
WritePrivateProfileSectionW
WriteConsoleOutputCharacterW
FreeEnvironmentStringsW
GetVersionExA
GetStdHandle
InitializeCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
GetLocaleInfoW
HeapAlloc
TlsSetValue
LeaveCriticalSection
GetModuleFileNameA
TlsGetValue
GetCPInfo
GetDateFormatA
GetLocaleInfoA
HeapFree
EnumSystemLocalesA
SetEnvironmentVariableA
GetFileType
GetEnvironmentStrings
HeapCreate
TerminateProcess
CompareStringW
GetCurrentProcess
VirtualQuery
VirtualProtect
TlsFree
GetStringTypeA
CompareStringA
FreeEnvironmentStringsA
GetStartupInfoA
LoadLibraryA
GetCurrentThreadId
GetLastError
ExitProcess
SetLastError
VirtualAlloc
VirtualFree
GetSystemInfo
WriteFile
GetStringTypeW
LCMapStringA

shell32

ExtractIconW
ExtractIconExW
DragQueryFileAorW
SheChangeDirA
FindExecutableW
SHFreeNameMappings
SHFileOperationA
SHFileOperation
DragAcceptFiles
ShellExecuteW
DuplicateIcon
SHAddToRecentDocs
ShellExecuteA
FindExecutableA
SHAppBarMessage
DragFinish
FreeIconList
DragQueryFile
DoEnvironmentSubstW

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4d1df02d826267253f9e2f809324798

Headers

File Characteristics

Imports

wininet

advapi32

comdlg32

user32

kernel32

shell32

Sections

.text Size: 144KB - Virtual size: 144KB

.data Size: 308KB - Virtual size: 307KB

.rsrc Size: 1024B - Virtual size: 952B

.text
Size: 144KB - Virtual size: 144KB

.data
Size: 308KB - Virtual size: 307KB

.rsrc
Size: 1024B - Virtual size: 952B