c652af9a054e4952968e989eb012e97e

Sharing

Copy URL Twitter E-mail

General

Target

c652af9a054e4952968e989eb012e97e
Size

92KB
MD5

c652af9a054e4952968e989eb012e97e
SHA1

6edf5533ecc414ec375fd818b373a916b5c326b6
SHA256

97e63256b50eda2f2fd3e53b7288f8943c1466ef1366c39e3a4db4ee7c5b62e8
SHA512

d62e301c1f468b96e75a0b6553db761c26c36536e37506637d2083c1b55450c8449bef17169d9a1c6f705feee5b7e1aad9930f22cbe307b89c343fc0f5fab35b
SSDEEP

1536:X5xrIzlrMqqXmunjlCByKHVkhYBc2RvFN8DoQzmi7chtkaLY7L0ZYEXBsC7:XrZqqZjlCBhQYi638DbnaLUL0ZTXBs+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c652af9a054e4952968e989eb012e97e

Files

c652af9a054e4952968e989eb012e97e
.exe windows:5 windows x86 arch:x86

68e85f4305648b0035dbab90bfc11728

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteDC
DeleteObject
BitBlt
GetBkMode
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetStockObject
GetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
LPtoDP
CreateDCA
RestoreDC
SaveDC
SelectObject
SetBkMode
SetMapMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
CreateFontIndirectA
CreateFontIndirectW

kernel32

DeleteCriticalSection
DeleteTimerQueueEx
DisableThreadLibraryCalls
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindResourceW
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GetVersionExW
CloseHandle
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
SetLastError
CreateFileMappingA
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW

ole32

CoTaskMemFree
CoUninitialize
CreateBindCtx
CreateStreamOnHGlobal
FreePropVariantArray
CoCreateInstance
CoCreateInstanceEx
MkParseDisplayName
PropVariantClear
StgCreatePropStg
StgOpenPropStg
StringFromCLSID
StringFromGUID2
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoRegisterClassObject
CLSIDFromString
CoAddRefServerProcess
CoRevertToSelf
CoRevokeClassObject
CoSuspendClassObjects
CoTaskMemAlloc

ntdll

NtQueryInformationToken
RtlConvertSidToUnicodeString
RtlCopySid
RtlLengthSid

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68e85f4305648b0035dbab90bfc11728

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

ole32

ntdll

Sections

.text Size: 4KB - Virtual size: 796B

.rdata Size: 4KB - Virtual size: 482B

.data Size: 68KB - Virtual size: 68KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 796B

.rdata
Size: 4KB - Virtual size: 482B

.data
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 12KB - Virtual size: 12KB