de4c3ca1c1e633e53eead610e23fe23c

Sharing

Copy URL Twitter E-mail

General

Target

de4c3ca1c1e633e53eead610e23fe23c
Size

897KB
MD5

de4c3ca1c1e633e53eead610e23fe23c
SHA1

eb3db2002dfbbb3e8cf1f7963494f2cc7dcce644
SHA256

27594b074804cbc8792e57af089f89535ca209302bcb8b10e008370d5ba6fc0b
SHA512

fae097e1106efd2edaacbff9e2d0db0e5e79411e7f94d76c5ec13500e87777edb19d0996f013a8bd90ae87b010c99f3f41216b136450a39c249425c76a526969
SSDEEP

24576:sWMllnPo2a9VFWpWgLNqtwyjQ2lzTrfvPknH7TAiF6oVd:WduVUwyyjjzTrfvPknH7TAiF6oVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de4c3ca1c1e633e53eead610e23fe23c

Files

de4c3ca1c1e633e53eead610e23fe23c
.exe windows:5 windows x86 arch:x86

5e1db2790f9a8d52c4df7a6171a5bc22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Dev\Dev\ToolbarInstaller_v1.0\Release\ToolbarUpdater.pdb

Imports

wininet

HttpOpenRequestW
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetOptionW
InternetReadFile

kernel32

SizeofResource
GetProcAddress
LockResource
FindFirstFileW
CreateDirectoryW
SetLastError
FindClose
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
WaitForSingleObject
FindNextChangeNotification
CreateThread
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
FreeLibrary
LoadLibraryW
CreateProcessW
WriteFile
OpenProcess
FormatMessageW
GetVersionExW
GetExitCodeProcess
TerminateProcess
CreateFileW
GetEnvironmentVariableA
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LocalFree
CreateMutexW
OpenMutexW
ReleaseMutex
GetFileSize
SetFilePointer
GetFileAttributesW
ReadFile
InterlockedDecrement
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetStdHandle
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetCurrentProcess
InterlockedIncrement
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
IsDebuggerPresent
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
GetModuleFileNameA
GetTimeZoneInformation
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
LoadResource
FindResourceW
FindResourceExW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetEnvironmentVariableW
GetModuleFileNameW
WideCharToMultiByte
lstrlenW
SuspendThread
GetLastError
Sleep
CopyFileW
CloseHandle
FindFirstChangeNotificationA
FindCloseChangeNotification
lstrlenA
MultiByteToWideChar
ResumeThread
DeleteFileW
GetStartupInfoA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetConsoleCP
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MoveFileW
GetLocaleInfoW
SetEnvironmentVariableA
GetCommandLineA
ExitProcess
WriteConsoleW
GetFileType
FormatMessageA
GetCurrentProcessId
GetTimeFormatA
GetDateFormatA

user32

EnumWindows
PostMessageW
GetClassNameW
IsWindow
wsprintfW

advapi32

CryptHashData
RegisterServiceCtrlHandlerW
SetServiceStatus
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
CryptAcquireContextW
CryptGetHashParam
StartServiceCtrlDispatcherW
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW

ole32

CoCreateGuid
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitialize

shell32

SHGetSpecialFolderPathW
SHGetFolderPathA

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

PathFileExistsW

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose
CryptQueryObject

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e1db2790f9a8d52c4df7a6171a5bc22

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 707KB - Virtual size: 707KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 707KB - Virtual size: 707KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 32KB