5c69ba69920be5e77dc97d9bb20e8aaca59d7a2d6c7ac9aed63b9f9ad4720f23

Sharing

Copy URL

Twitter E-mail

General

Target

5c69ba69920be5e77dc97d9bb20e8aaca59d7a2d6c7ac9aed63b9f9ad4720f23
Size

1.2MB
MD5

3d45d6a6b9e329fa125858cc13d9e11b
SHA1

f63b41b471c56965f3d12038aebd05e7fff09963
SHA256

5c69ba69920be5e77dc97d9bb20e8aaca59d7a2d6c7ac9aed63b9f9ad4720f23
SHA512

ab5b60b2524308ccba1ec1397b0e893c26420b78dec18cf77ae0af595b3b3d50b33f88e26584a5ec934f210db574b23b2f567c802b6302e25739c56264e3a45b
SSDEEP

24576:FtCvHz5GID1GswToAyxe2UI0TcmBbM3+hebdf:3CcIDg1TVyxe/umbM3+h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c69ba69920be5e77dc97d9bb20e8aaca59d7a2d6c7ac9aed63b9f9ad4720f23

Files

5c69ba69920be5e77dc97d9bb20e8aaca59d7a2d6c7ac9aed63b9f9ad4720f23
.exe windows:6 windows x86 arch:x86

701f26f20ee872d862989b689bc44eca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
IIDFromString
StringFromGUID2
OleRun
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetFolderPathW

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTime
InternetCrackUrlA
HttpQueryInfoA
HttpOpenRequestA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

user32

GetDesktopWindow
MessageBoxW
TrackPopupMenu
ShowWindow
DispatchMessageW
SetWindowLongA
CreatePopupMenu
wsprintfA
CharNextA
GetCursorPos
SetForegroundWindow
IsWindowUnicode
PostQuitMessage
PeekMessageA
AppendMenuA
TranslateMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
GetWindowLongA
GetMessageW
GetMessageA
LoadImageA
DispatchMessageA
DestroyWindow
LoadStringA
PostMessageA
GetSystemMetrics
MsgWaitForMultipleObjectsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

kernel32

RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
GetSystemInfo
CompareStringW
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
VirtualAlloc
VirtualProtect
VirtualQuery
GetFileType
GetConsoleCP
GetConsoleMode
CreateDirectoryW
LCMapStringW
GetDriveTypeW
GetFileInformationByHandle
GetFullPathNameW
SetStdHandle
GetModuleFileNameW
GetStdHandle
GetModuleFileNameA
SizeofResource
LoadLibraryExA
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
FindResourceA
lstrlenA
CreateMutexA
WaitForSingleObject
lstrcmpA
lstrcatA
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
GetLastError
SetDllDirectoryA
CloseHandle
RaiseException
IsDBCSLeadByte
LoadResource
DecodePointer
DeleteCriticalSection
FreeLibrary
WideCharToMultiByte
lstrcmpiA
SystemTimeToTzSpecificLocalTime
CreateEventA
SetEvent
lstrcpyA
CreateThread
ResetEvent
lstrcpynA
OpenEventA
WriteFile
Sleep
CreateFileA
GetCurrentProcess
GetTempPathA
GetVersionExA
DeleteFileA
LocalFree
ReadFile
FileTimeToSystemTime
SetHandleInformation
TerminateProcess
CreatePipe
PeekNamedPipe
CreateProcessA
GetExitCodeProcess
FindClose
LocalAlloc
GetSystemDirectoryA
LoadLibraryA
LockResource
ExitProcess
FormatMessageA
GetCurrentThreadId
FormatMessageW
GetLocalTime
GetCurrentProcessId
SetEndOfFile
SetFilePointerEx
SetLastError
GetCommandLineW
GetModuleHandleExW
GetNativeSystemInfo
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
GetFileAttributesA
OpenMutexA
LoadLibraryExW
GetModuleHandleExA
LoadLibraryW
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsDebuggerPresent
OutputDebugStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
GetProcAddress

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyA
CryptAcquireContextA
RegQueryValueExA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA

oleaut32

VariantChangeType
SysAllocString
SysStringByteLen
VariantInit
GetErrorInfo
VarUI4FromStr
SysFreeString
VariantClear

shlwapi

ord12

gdi32

GetStockObject

crypt32

CryptProtectData
CryptUnprotectData
CryptStringToBinaryA
CryptBinaryToStringA

msi

ord160
ord31
ord168
ord91
ord137
ord189
ord159
ord115
ord141
ord117
ord44
ord204
ord67
ord8
ord158

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

701f26f20ee872d862989b689bc44eca

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

version

kernel32

advapi32

oleaut32

shlwapi

gdi32

crypt32

msi

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 10KB - Virtual size: 15KB

.rsrc Size: 97KB - Virtual size: 96KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 97KB - Virtual size: 96KB

.reloc
Size: 592KB - Virtual size: 596KB