54810cbf549b551f7dfc738fa8343d9f680e78ec9a6aabd70c3dfd027adf895a

Sharing

Copy URL Twitter E-mail

General

Target

54810cbf549b551f7dfc738fa8343d9f680e78ec9a6aabd70c3dfd027adf895a
Size

3.2MB
MD5

9753412103322b6053c99ea02fb2864d
SHA1

551d89af7feb75ffe29b5d814030e6ef091f4b24
SHA256

54810cbf549b551f7dfc738fa8343d9f680e78ec9a6aabd70c3dfd027adf895a
SHA512

7cee087a983b551800ccb5ad16261395c3a95bc7fe945032f15660122c3575a844a7c20f0a2e45b4274e8bf320ba04d6e977527ca4bbcc1fa1acde5ca51c18de
SSDEEP

49152:vPaIOGsC8b8XQUJGxBb9jXQXjHY73TVyrgbt1xskLZdNsuHU5wSvN:nOG4AdGxBRV3hyraTxf32uE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54810cbf549b551f7dfc738fa8343d9f680e78ec9a6aabd70c3dfd027adf895a

Files

54810cbf549b551f7dfc738fa8343d9f680e78ec9a6aabd70c3dfd027adf895a
.exe windows:5 windows x86 arch:x86

dd0d79b18b25b2306fad0d65a90d56cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ChromeRecoveryProbe_unsigned.pdb

Imports

advapi32

RegDeleteValueW
RegOpenCurrentUser
SystemFunction036
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertSidToStringSidW
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
GetSidSubAuthorityCount
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
GetSidIdentifierAuthority
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
RegOpenKeyExW
InitializeAcl
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
RegCloseKey
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
OpenThreadToken
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
InitializeSecurityDescriptor
OpenProcessToken
ImpersonateLoggedOnUser
EqualSid
GetAce
SetSecurityDescriptorOwner
GetAclInformation
RevertToSelf
SetSecurityDescriptorDacl
RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
GetSecurityInfo

kernel32

InitializeSListHead
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
RtlUnwind
FreeLibrary
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCurrentThread
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
ReadFile
WriteConsoleW
lstrlenW
FormatMessageW
LocalFree
GetPrivateProfileIntW
OutputDebugStringA
SetFilePointer
ReleaseMutex
Sleep
GetFileInformationByHandle
GetLocalTime
lstrcmpW
GetTempPathW
GetSystemDirectoryW
VirtualQuery
WaitForMultipleObjects
GetFileAttributesW
LoadLibraryW
FileTimeToSystemTime
QueryPerformanceCounter
SystemTimeToFileTime
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
ResetEvent
LocalAlloc
OpenProcess
ProcessIdToSessionId
GlobalMemoryStatusEx
CreateProcessW
SetFileAttributesW
GetSystemTimeAsFileTime
MoveFileExW
GetFileSize
lstrcpynW
TryEnterCriticalSection
InitializeCriticalSection
CreateMutexW
SetEvent
GetLongPathNameW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
ReadProcessMemory
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryDosDeviceW
GetLogicalDriveStringsW
DeviceIoControl
GetComputerNameExW
GetStringTypeExW
GetUserDefaultLangID
GetSystemDefaultLangID
CreateThread
lstrcmpA
GetThreadLocale
GetStringTypeExA
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SizeofResource
FindFirstFileW
HeapFree
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
FindNextFileW
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
FindClose
HeapSize
GetLastError
GetFileAttributesExW
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
lstrcmpiW
CreateDirectoryW
WriteFile
RemoveDirectoryW
WaitForSingleObject
CreateFileW
DeleteFileW
CloseHandle
SetFilePointerEx
GetTempFileNameW
GetExitCodeProcess
GetCommandLineW
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentProcessId
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
VirtualQueryEx
CreateSemaphoreW
GetProcessId
ReleaseSemaphore
RtlCaptureContext

ole32

OleSaveToStream
ReadClassStm
WriteClassStm
IIDFromString
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
LoadTypeLi
VariantClear
VarBstrCmp
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
SysFreeString
SafeArrayLock
SafeArrayGetVartype
SafeArrayCopy
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate

shell32

SHGetFolderPathW
CommandLineToArgvW
ord680

user32

CharLowerBuffW
CharLowerW
CharUpperW
CharNextA
CharLowerBuffA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxW
wvsprintfW
wsprintfW

netapi32

NetWkstaGetInfo
NetApiBufferFree
NetGetJoinInformation

shlwapi

PathFindFileNameW
PathCommonPrefixW
PathRemoveExtensionW
PathRemoveFileSpecW
SHQueryValueExW
PathCreateFromUrlW
PathCanonicalizeW
PathAppendW
PathStripPathW
UrlIsW

iphlpapi

GetIfTable

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

EnterCriticalPolicySection
LeaveCriticalPolicySection
UnloadUserProfile

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CryptProtectData
CryptUnprotectData

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 620KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dd0d79b18b25b2306fad0d65a90d56cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

shell32

user32

netapi32

shlwapi

iphlpapi

psapi

version

userenv

wtsapi32

crypt32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 295KB - Virtual size: 294KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 620KB - Virtual size: 624KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 295KB - Virtual size: 294KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 620KB - Virtual size: 624KB