c5ad5392829a943bb3b301aa2d6be8a7

Sharing

Copy URL

Twitter E-mail

General

Target

c5ad5392829a943bb3b301aa2d6be8a7
Size

116KB
MD5

c5ad5392829a943bb3b301aa2d6be8a7
SHA1

dd25320cb851b011f8951f290028d24828310083
SHA256

e492c5f8ccb256fc41745c3b9f4604a960591ae90460adeff7ceca63073c5b81
SHA512

881f7d293a995f81e617babb73f254d1b3aae0226679d136e5bbd4be694e47a3159ade075c1e1652d10f0a12703d1b5de728615b8e8b5e34c52044c37adfb314
SSDEEP

1536:Rw+1rG2FI4mzz1rghimCdK1C670lZbGabiYTUNI88cr3JleU0IxGw0:p1rGcAE11XaWYTUecdleJIxGw0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5ad5392829a943bb3b301aa2d6be8a7

Files

c5ad5392829a943bb3b301aa2d6be8a7
.exe windows:5 windows x86 arch:x86

a0d1eeb50586e3727b22918b38cefa9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bitsadmin.pdb

Imports

msvcrt

?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_cexit
_XcptFilter
_exit
_c_exit
strncpy
_stricmp
wcsstr
wcscmp
_finite
_ftol
floor
_wcsicmp
_CxxThrowException
ungetc
getc
_wfopen
__CxxFrameHandler
swscanf
wcstok
mbstowcs
wcslen
wcstol
wcschr
wcstoul
iswxdigit
_wsetlocale
exit
_vsnwprintf

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateServiceW
ChangeServiceConfig2W
DeleteService
StartServiceW
ControlService
QueryServiceStatus
QueryServiceStatusEx
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueA
AllocateAndInitializeSid
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
LookupAccountSidW

kernel32

GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
CompareStringA
CompareStringW
lstrcmpiW
GetFileAttributesW
GlobalAlloc
OpenMutexA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpynW
CreateDirectoryW
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
WriteFile
WriteConsoleW
LocalFree
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedIncrement
LoadLibraryW
lstrlenW
ReadConsoleInputW
SleepEx
InterlockedDecrement
GetCurrentThreadId
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetThreadLocale
CloseHandle
SetConsoleCtrlHandler
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetStdHandle
SetThreadLocale
GetUserDefaultLCID
GetConsoleOutputCP
SetLastError
SetConsoleCursorPosition
LocalAlloc
GetConsoleMode
GetFileType
GetNumberOfConsoleInputEvents
SetConsoleTextAttribute
EnterCriticalSection
SetConsoleMode
GetLastError
LeaveCriticalSection
GetConsoleScreenBufferInfo
GetSystemTimeAsFileTime
TerminateProcess
Sleep
QueueUserAPC
FormatMessageW
InitializeCriticalSection
ReleaseMutex

ole32

CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoGetClassObject

user32

SetTimer
KillTimer
DispatchMessageW
PostThreadMessageW
MsgWaitForMultipleObjectsEx
LoadStringW
PeekMessageW
TranslateMessage

advpack

GetVersionFromFileEx

shell32

SHGetFolderPathW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0d1eeb50586e3727b22918b38cefa9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

user32

advpack

shell32

version

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 1024B - Virtual size: 81KB

.rsrc Size: 1024B - Virtual size: 948B

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 1024B - Virtual size: 81KB

.rsrc
Size: 1024B - Virtual size: 948B