c52a0fbb4b1bca0a0a058e68296f4ce1

Sharing

Copy URL Twitter E-mail

General

Target

c52a0fbb4b1bca0a0a058e68296f4ce1
Size

144KB
MD5

c52a0fbb4b1bca0a0a058e68296f4ce1
SHA1

55d509212807bbb4423680ca2de48f131a86057d
SHA256

5b193830448b29e098f25b3f64c31d0884e971a7bf58c91676ca029c9034c035
SHA512

d043234488d0c3809c71a21747c18ef6ff8d0d5608350dc0e650b120e1d996f023343299a0c87fdc9ea9517632733f35cf8270ae0bbb3a0adc82ffb0716efa83
SSDEEP

1536:jXT9v2mjiEq8+n3g8M828slGDN1URU4pkOn43hDV3aMEDVaMcpkm:jD9v2mQ8+v/icDIRUXg43h0MMV9S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c52a0fbb4b1bca0a0a058e68296f4ce1

Files

c52a0fbb4b1bca0a0a058e68296f4ce1
.exe windows:5 windows x86 arch:x86

032dee8197f78a06cca0ce5813ccf9ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCW
PathRemoveBackslashW
wnsprintfW
UrlCanonicalizeW
AssocQueryStringW
SHDeleteKeyW
PathStripToRootW
StrCmpW
UrlUnescapeW
PathIsDirectoryW
StrToIntExW
PathCombineW
StrCmpIW
wnsprintfA
StrTrimW
StrStrIW
PathRemoveFileSpecA
StrChrW

comdlg32

ChooseColorW
GetSaveFileNameA
ChooseFontW
GetFileTitleA
CommDlgExtendedError

ole32

StgOpenStorage
CoSetProxyBlanket
PropVariantClear
OleLoadFromStream
CLSIDFromProgID
StringFromGUID2
CoTaskMemRealloc
CoFreeUnusedLibraries
MkParseDisplayName
CoRevokeClassObject
OleRun
CoUninitialize
IIDFromString
WriteClassStm
CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstanceEx
CoCreateGuid
CLSIDFromString
OleRegEnumVerbs
CoInitialize
GetRunningObjectTable
CoInitializeEx

msvcrt

wcscpy
fwrite
isalpha
rand
_ltoa
_isatty
__p__commode
_itow
_XcptFilter
sscanf
wcsstr
strtok
_fileno
towlower
_CIsqrt
fread
_c_exit
_wcsicmp
??1type_info@@UAE@XZ
__set_app_type
ceil
towupper

kernel32

IsBadCodePtr
SizeofResource
GetExitCodeProcess
GetUserDefaultLCID
lstrlenA
WriteConsoleW
ExitProcess
lstrcpyA
GetCurrentThreadId
GetConsoleOutputCP
GetLocalTime
FileTimeToSystemTime
GetCPInfo
HeapSize
InitializeCriticalSectionAndSpinCount
FindResourceW
DeleteCriticalSection
FreeEnvironmentStringsW
MapViewOfFile
GetStringTypeW
VirtualAlloc
DisableThreadLibraryCalls
GetTempPathA
GetFullPathNameW
TlsFree
IsBadReadPtr
InterlockedCompareExchange
FindNextFileW
GetProcAddress
GetFileSize
HeapDestroy

Sections

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 47KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

032dee8197f78a06cca0ce5813ccf9ac

Headers

File Characteristics

Imports

shlwapi

comdlg32

ole32

msvcrt

kernel32

Sections

.rdata Size: 8KB - Virtual size: 8KB

.text Size: 9KB - Virtual size: 8KB

DATA Size: 29KB - Virtual size: 29KB

.rdata Size: 48KB - Virtual size: 62KB

.idata Size: 47KB - Virtual size: 94KB

.rdata
Size: 8KB - Virtual size: 8KB

.text
Size: 9KB - Virtual size: 8KB

DATA
Size: 29KB - Virtual size: 29KB

.rdata
Size: 48KB - Virtual size: 62KB

.idata
Size: 47KB - Virtual size: 94KB