c53cf960278360c3b7c4867fba38ff76

Sharing

Copy URL Twitter E-mail

General

Target

c53cf960278360c3b7c4867fba38ff76
Size

464KB
MD5

c53cf960278360c3b7c4867fba38ff76
SHA1

f64ab4be135517f530c322c0d81d28573f2d3b5f
SHA256

e4233efc3a129702a39b1b0b08cb13d9b63e400d01303117665c981509296049
SHA512

2bd1df6bd783e831b13a9823b1228478ccd88f28cb4b0239bee9e86c65110a0ef54d3835b07c1518094ec27e1c460ae299a33c1b335ddcc4213e60d0cbc8801d
SSDEEP

12288:tT6R1CYsAG76/t3QeCmCIw8uQnZQEitkDMPckh:tEwSt3QeCmCJ8VadMM0kh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c53cf960278360c3b7c4867fba38ff76

Files

c53cf960278360c3b7c4867fba38ff76
.exe windows:4 windows x86 arch:x86

b6320d24588effa51c331f2a9369af89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcrt

wcscpy
swprintf
_purecall
wcsncpy
_wtol
_wcsnicmp
iswprint
wcschr
wcscmp
strtoul
malloc
_itow
memmove
_stricmp
wcslen
_vsnwprintf
strtok
_wcsicmp
free
_except_handler3
_initterm
_ltow
wcsrchr
_adjust_fdiv
iswspace
wcscat

advapi32

RegSetValueExA
GetUserNameW
AllocateAndInitializeSid
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyA
EqualSid
RegEnumValueW
OpenServiceW
GetTokenInformation
LockServiceDatabase
RegCreateKeyExA
OpenSCManagerW
RegCloseKey
RegOpenKeyExW
CryptAcquireContextA
CryptDestroyKey
CryptGetUserKey
RegEnumKeyExA
CryptGetKeyParam
ChangeServiceConfigA
OpenProcessToken
RegEnumValueA
RegSetValueExW
RegQueryValueExW
CryptSetProvParam
FreeSid
RegQueryValueExA
CloseServiceHandle
RegOpenKeyExA
ControlService
CryptReleaseContext
OpenThreadToken
CryptAcquireContextW
QueryServiceStatus
StartServiceA
QueryServiceConfigA
CryptGetProvParam
UnlockServiceDatabase
StartServiceW
DuplicateToken

gdi32

SelectPalette
CreateCompatibleDC
GetDeviceCaps
SelectObject
SetBkColor
CreateFontIndirectW
CreateBitmap
SetPixel
CreateCompatibleBitmap
GetBkColor
CreatePalette
BitBlt
DeleteObject
CreateFontIndirectA
CreateDIBitmap
DeleteDC
RealizePalette
GetObjectW
GetTextExtentPoint32W
GetObjectA

netapi32

NetApiBufferFree
DsGetDcNameW
NetGetDCName

kernel32

WideCharToMultiByte
LocalReAlloc
GlobalLock
GetDateFormatA
ExpandEnvironmentStringsW
LocalAlloc
LoadResource
GetLastError
CompareStringW
GetDateFormatW
GetFileSize
DelayLoadFailureHook
LocalFree
FindResourceA
GlobalFree
Sleep
MapViewOfFile
lstrcmpA
LeaveCriticalSection
UnmapViewOfFile
QueryPerformanceCounter
LoadLibraryExA
GetComputerNameExW
GetTimeFormatA
SetLastError
TerminateProcess
CompareFileTime
GetModuleHandleA
GlobalUnlock
GetTickCount
FileTimeToLocalFileTime
DeleteCriticalSection
lstrlenA
UnhandledExceptionFilter
SystemTimeToFileTime
SetUnhandledExceptionFilter
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentProcessId
CreateFileMappingA
GlobalAlloc
lstrcpyA
LockResource
SetFilePointer
GetProcAddress
SetEndOfFile
InterlockedCompareExchange
LoadLibraryA
OutputDebugStringA
DisableThreadLibraryCalls
CompareStringA
MulDiv
FreeResource
lstrcatA
GetLocalTime
CreateFileA
GetCurrentThread
InitializeCriticalSection
CreateFileW
CloseHandle
MultiByteToWideChar
GetACP
GetCurrentProcess
FormatMessageW
GetComputerNameW
ExpandEnvironmentStringsA
GetTimeFormatW
GetCurrentThreadId
EnterCriticalSection
GetUserDefaultLCID
GetVersionExA
lstrlenW
GetModuleHandleW
DeleteFileW
GetSystemTimeAsFileTime
FreeLibrary
WriteFile
FileTimeToSystemTime
LoadLibraryW

wintrust

WTHelperGetProvSignerFromChain
TrustIsCertificateSelfSigned
WintrustGetDefaultForUsage
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetKnownUsages
WinVerifyTrustEx

crypt32

CertSetEnhancedKeyUsage
CryptMsgControl
CertGetCertificateContextProperty
CertFindCTLInStore
CertGetStoreProperty
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertGetCTLContextProperty
CertGetSubjectCertificateFromStore
CertGetCertificateChain
CertFindAttribute
CertSetCTLContextProperty
CryptMsgVerifyCountersignatureEncoded
CryptMsgGetParam
CertCompareCertificate
CertSetCertificateContextProperty
CertEnumSystemStore
CryptInitOIDFunctionSet
PFXVerifyPassword
CryptAcquireCertificatePrivateKey
CertSaveStore
CertCreateCertificateChainEngine
CertAddCRLContextToStore
CryptFindOIDInfo
CertFindExtension
CertCreateCertificateContext
CertFreeCTLContext
CryptGetDefaultOIDFunctionAddress
CertGetCRLFromStore
CryptEnumOIDInfo
CryptMsgUpdate
CertEnumCTLsInStore
CertFindCRLInStore
CryptFindLocalizedName
CryptGetDefaultOIDDllList
CryptFreeOIDFunctionAddress
CertDeleteCertificateFromStore
CertAddCTLContextToStore
CertCloseStore
CryptBinaryToStringA
CertGetValidUsages
CertDuplicateStore
CryptFindCertificateKeyProvInfo
CertGetPublicKeyLength
CertOpenStore
CertGetEnhancedKeyUsage
CertVerifyTimeValidity
CertFindCertificateInStore
CertFreeCertificateContext
CryptSIPRetrieveSubjectGuid
PFXExportCertStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CryptMsgEncodeAndSignCTL
CryptDecodeObject
CertFreeCRLContext
PFXImportCertStore
CryptMsgOpenToDecode
CryptMsgDuplicate
CertEnumPhysicalStore
CryptMsgClose
CertNameToStrW
CertCreateCTLContext
CertGetNameStringW
CertAddCertificateContextToStore
CryptFormatObject
CryptEncodeObject
CryptQueryObject
CertFreeCertificateChain
CryptDecodeObjectEx

ntdll

NtAllocateVirtualMemory
NtFilterToken

shlwapi

StrCmpNIW
PathUndecorateW
PathFindFileNameW

dhcpcsvc

DhcpRegisterOptions

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW

rpcrt4

UuidToStringA
RpcBindingFree
NdrClientCall2
RpcStringFreeA
RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcEpResolveBinding
UuidCreate
RpcStringBindingComposeA

user32

DrawIcon
GetClientRect
InvalidateRect
GetDlgItemInt
DestroyWindow
MonitorFromWindow
ReleaseDC
SetCursor
LoadIconA
SendDlgItemMessageW
EndPaint
DrawTextExW
DrawFocusRect
GetWindowDC
SetWindowTextW
DestroyIcon
SetDlgItemInt
SystemParametersInfoA
LoadStringA
CallWindowProcA
SetClassLongA
GetFocus
DialogBoxParamW
MapDialogRect
IsWindowEnabled
GetWindowLongW
SetDlgItemTextW
GetUpdateRect
LoadCursorW
EndDialog
LoadStringW
RegisterClipboardFormatA
PostMessageA
PostMessageW
GetWindow
GetWindowRect
SetFocus
SendDlgItemMessageA
MoveWindow
MessageBoxExW
CopyRect
MessageBoxW
GetSysColor
SetWindowLongA
UpdateWindow
IsDlgButtonChecked
CreateWindowExA
GetSysColorBrush
SendMessageW
SetWindowPos
FillRect
WinHelpW
SetWindowLongW
GetWindowTextW
CreateWindowExW
SetRect
GetMonitorInfoW
CheckRadioButton
IsWindowVisible
GetDC
GetDesktopWindow
LoadBitmapW
PeekMessageA
GetDialogBaseUnits
GetWindowLongA
wsprintfA
GetDlgItemTextW
ReleaseCapture
GetDlgItem
EnableWindow
SendMessageA
GetNextDlgTabItem
SetWindowTextA
GetDlgItemTextA
MapWindowPoints
GetParent
ShowWindow
LoadCursorA
BeginPaint
SetCapture

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6320d24588effa51c331f2a9369af89

Headers

File Characteristics

Imports

version

msvcrt

advapi32

gdi32

netapi32

kernel32

wintrust

crypt32

ntdll

shlwapi

dhcpcsvc

wininet

rpcrt4

user32

Sections

.text Size: 350KB - Virtual size: 349KB

.data Size: 18KB - Virtual size: 944KB

.rsrc Size: 85KB - Virtual size: 85KB

.rdata Size: 9KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 350KB - Virtual size: 349KB

.data
Size: 18KB - Virtual size: 944KB

.rsrc
Size: 85KB - Virtual size: 85KB

.rdata
Size: 9KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 20B