549e25ddb7a32fcfcc52a228c5ddf645

Sharing

Copy URL Twitter E-mail

General

Target

549e25ddb7a32fcfcc52a228c5ddf645
Size

92KB
MD5

549e25ddb7a32fcfcc52a228c5ddf645
SHA1

a366f07cc7df2de59af5dec5132eb66d9898666a
SHA256

6c96bf61ce8c69e4a152179566f0c548a27664902be22566de40f6c9ac6e2517
SHA512

d4d94d1bcf976e24c5f5e8b72d025ea7b04c96ec68fc0b8054ec7c04fe4264966c15fb4c964b9ca5c1ffe9a08acda4934433392f074eaa8cab221b41e8848012
SSDEEP

1536:BJegceKxxf0zlkdSSWdsvqg0D+jVsAZfeWlzflEOt9PCZ8KIFN327KOI+B34Qk7o:Xeg7+RSoSx7BKZfpNmOPePIFxvOIASMX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
549e25ddb7a32fcfcc52a228c5ddf645

Files

549e25ddb7a32fcfcc52a228c5ddf645
.exe windows:5 windows x86 arch:x86

aa730516da68dce64cc118b9b69be93e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW

apphelp

ApphelpQueryModuleData
ApphelpCheckRunApp

atmlib

ATMClient

kernel32

GetCurrentProcess
DisableThreadLibraryCalls
OutputDebugStringA
VirtualAlloc
QueryPerformanceCounter
GetSystemInfo
UnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetLastError
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId

cmdial32

AutoDialFunc

ntdll

NtTerminateThread
NtSetInformationThread
RtlLengthRequiredSid
NtWaitForMultipleObjects
RtlAllocateHeap
NtClose
RtlExitUserThread
RtlAddAccessAllowedAce
NtCreatePort
NtSetEvent
RtlRegisterWait
NtQueryValueKey
NtCreateFile
RtlUnwind
RtlLeaveCriticalSection
NtQueryVirtualMemory
NtOpenKey
_vsnprintf
RtlCreateAcl
RtlInitUnicodeString
NtReadRequestData
NtDuplicateObject
RtlInitializeCriticalSection
RtlCreateSecurityDescriptor
RtlCreateHeap
RtlCreateUserThread
NtWriteRequestData
NtQuerySystemInformation
RtlFreeHeap
NtImpersonateThread
NtResumeThread
NtOpenProcess
NtReplyPort
RtlSetDaclSecurityDescriptor
RtlAllocateAndInitializeSid
RtlLengthSid
NtResetEvent
RtlEnterCriticalSection
RtlDestroyHeap
RtlInitializeSid
NtRequestWaitReplyPort
NtCreateEvent
NtOpenThread
RtlSubAuthoritySid
NtCompleteConnectPort
NtDelayExecution
NtAcceptConnectPort
NtReplyWaitReceivePort
RtlDeleteCriticalSection

crypt32

RegCreateHKCUKeyExU

Sections

.textbss
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa730516da68dce64cc118b9b69be93e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

apphelp

atmlib

kernel32

cmdial32

ntdll

crypt32

Sections

.textbss Size: - Virtual size: 432KB

.text Size: 512B - Virtual size: 452B

.idata Size: 88KB - Virtual size: 88KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 1024B - Virtual size: 892B

.reloc Size: 512B - Virtual size: 28B

.textbss
Size: - Virtual size: 432KB

.text
Size: 512B - Virtual size: 452B

.idata
Size: 88KB - Virtual size: 88KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 1024B - Virtual size: 892B

.reloc
Size: 512B - Virtual size: 28B