d5daa9a88ec81b64b3ea7658af28a508

Sharing

Copy URL Twitter E-mail

General

Target

d5daa9a88ec81b64b3ea7658af28a508
Size

116KB
MD5

d5daa9a88ec81b64b3ea7658af28a508
SHA1

4df34a9c1aed2f9a812bea69d5ad89f158ef8194
SHA256

fca98091ee66e9a1acd0340078b5fab930877d4a8cb6d47b0d735eaacfe8ea97
SHA512

6f89df4c3d89e2e745dacb1882d0955f09a44d834c97de7b6f184ea4df36d64ff3bfbd99ea2dff05b6fa7cdbd84078e4080c37fb08154d685819f95c981e9f84
SSDEEP

3072:Vi9wOZksdG7jWmJsaWEcPbV3kilqcL30JncQ0us3:Cg7j/Ca+bV3vD30J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5daa9a88ec81b64b3ea7658af28a508

Files

d5daa9a88ec81b64b3ea7658af28a508
.exe windows:5 windows x86 arch:x86

220a39ba62350d14cbe39da413211251

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
SetFilePointer
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
WriteFile
GetCurrentThread
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
FlushFileBuffers
CompareStringW
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
WideCharToMultiByte
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetTimeZoneInformation
GetLocaleInfoW
GetStartupInfoA
CompareStringA
CreateFileW
PulseEvent
GetSystemPowerStatus
lstrcmpiW
TerminateThread
GetSystemDirectoryW
GetCurrentThreadId
GetLastError
GetVersionExW
SetEvent
InitializeCriticalSection
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
GetUserDefaultLangID
GetThreadLocale
GetTickCount
LocalAlloc
lstrlenW
SetLastError
FreeLibrary
LoadLibraryW
CreateThread
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
FormatMessageW
LocalFree
GlobalFree
CreateProcessW
WaitForSingleObject
CloseHandle
lstrcatW
Sleep
GetModuleHandleW
GetProcAddress
lstrcpyW
GetFileType
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
FatalAppExitA
ExitProcess
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
SetEnvironmentVariableA

user32

GetDesktopWindow
SystemParametersInfoW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetUserObjectInformationW
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetMessageW
DispatchMessageW
CloseWindow
PostThreadMessageW
GetWindowThreadProcessId
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
CloseDesktop
OpenWindowStationW
SetProcessWindowStation
GetWindowRect
wsprintfW
GetLastInputInfo
ChangeDisplaySettingsExW
GetTopWindow
GetWindow
GetClassNameW
PostMessageW
EnumDisplaySettingsW
IsRectEmpty
FindWindowExW
GetCursorPos
GetForegroundWindow
SetCursorPos
SendMessageW
SetWindowPos
GetDC
ReleaseDC
SubtractRect
InvalidateRect
GetSystemMetrics
IntersectRect
FindWindowW

gdi32

CreateDCW
DeleteDC
ExtEscape

advapi32

CreateServiceW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
ConvertStringSidToSidW
FreeSid
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyExW
IsValidSid
RegGetKeySecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetAce
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
CloseServiceHandle
RegOverridePredefKey
CreateProcessAsUserW
GetTokenInformation
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

userenv

LoadUserProfileW
UnloadUserProfile

powrprof

CallNtPowerInformation

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

220a39ba62350d14cbe39da413211251

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

userenv

powrprof

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 8KB - Virtual size: 4KB