dea123cb87e491af11aef92669dd43ad

Sharing

Copy URL

Twitter E-mail

General

Target

dea123cb87e491af11aef92669dd43ad
Size

339KB
MD5

dea123cb87e491af11aef92669dd43ad
SHA1

58438ad0c30003809bb78a683dd79697797f8a22
SHA256

9e69a3f34460f642544cbd7dd870653e3dfb442642cc46742374aafbdb68e39f
SHA512

48f0d94a461f2e013a2d68a341169e2090c328d6b5b04234d190a26c34f301ce1a33bf17615ae42951c11b977bdaeca42c18b34854d06185844a152049916821
SSDEEP

6144:iWtCcC+/UAzbtYGaHvzIO+RO6koFAwszwbekdI5hTcthwT:5CcjUA3iGaPUO+ROh1hawT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dea123cb87e491af11aef92669dd43ad

Files

dea123cb87e491af11aef92669dd43ad
.exe windows:5 windows x86 arch:x86

fd87edd39d592e4da3cc15ae61c84554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cryptdlg.pdb

Imports

msvcrt

wcsstr
_adjust_fdiv
wcscat
wcschr
_wtol
memmove
mktime
wcsncpy
malloc
_initterm
memcpy
free
_wcsicmp
_except_handler3
time
memset
_errno
mbstowcs
wcscmp
wcscpy
wcslen

ntdll

NtDeleteKey
NtGetDevicePowerState
NtQueryIoCompletion
NtQueryObject
NtFlushBuffersFile
NtQueryMultipleValueKey
RtlLengthSid

kernel32

SetEvent
DeleteCriticalSection
IsDebuggerPresent
GetModuleHandleA
QueryPerformanceCounter
GlobalFree
SetFileAttributesA
LoadLibraryA
GetStdHandle
GetCurrentThreadId
FindFirstFileA
CreateEventA
lstrlenA
GetCurrentProcessId
CreateFileA
OpenSemaphoreA
InterlockedExchange
TlsGetValue
GetSystemTimeAsFileTime
GlobalAlloc
TerminateProcess
CreateMutexW
FindResourceW
GetCurrentProcess
GetSystemDefaultUILanguage
GetAtomNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentStringsA
SetFilePointer
DisableThreadLibraryCalls
WaitForSingleObject
CloseHandle
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
GetModuleFileNameA
CreateSemaphoreW
HeapDestroy
GetConsoleCP
OpenMutexW
HeapFree
CreateEventW
InitializeCriticalSection
FindResourceExW
GetCommandLineW
CreateMutexA
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemDefaultLCID
FindAtomA
FreeLibrary
lstrlenW
CreateSemaphoreA
GetLastError
LocalAlloc
OpenEventA
LCMapStringW
TlsSetValue
GetComputerNameW
GetSystemDefaultLangID
WideCharToMultiByte
GetLogicalDrives
LoadLibraryExA
InterlockedIncrement
GetStartupInfoA
GlobalMemoryStatusEx
MultiByteToWideChar
Sleep
CreateThread
TlsFree
GetCurrentDirectoryA
LocalFree
EnterCriticalSection
FormatMessageW
LeaveCriticalSection
PulseEvent
AddAtomA
ReadFile
HeapAlloc
GetUserDefaultLCID
GetProcessHeap
GetOEMCP
DeviceIoControl
GetComputerNameExW
SetLastError
FindClose
DeleteFileA
FindNextFileA
TlsAlloc
CreateFileW

rpcrt4

RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingInqAuthClientW
RpcStringFreeW
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
UuidCreate
I_RpcBindingIsClientLocal
RpcServerRegisterAuthInfoW

advapi32

AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegOpenKeyExA
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegQueryInfoKeyA
RegisterServiceCtrlHandlerExW
AddAccessAllowedAce

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo
GetIpAddrTable
NhGetInterfaceNameFromGuid
GetInterfaceInfo

ws2_32

WSAIoctl
WSAEventSelect
WSACreateEvent
WSASocketW

user32

CountClipboardFormats
GetCursor
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
SendMessageA
LoadStringW
GetClipboardOwner
GetSystemMetrics
EnumWindows
PostQuitMessage
FindWindowExA
FindWindowA
RegisterClassExA
GetMessageA
DestroyWindow
DefWindowProcA
LoadCursorA
CreateWindowExA
wsprintfW

crypt32

CertStrToNameW

userenv

RefreshPolicy

netapi32

NetApiBufferFree
DsGetDcNameW

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd87edd39d592e4da3cc15ae61c84554

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

rpcrt4

advapi32

iphlpapi

ws2_32

user32

crypt32

userenv

netapi32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 186KB - Virtual size: 199KB

.bss Size: - Virtual size: 39KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 186KB - Virtual size: 199KB

.bss
Size: - Virtual size: 39KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 3KB