43ec28061d239ea52a8a650e118657cd8158ca85c7f664288e0c5a0021d2f5eb

Sharing

Copy URL Twitter E-mail

General

Target

43ec28061d239ea52a8a650e118657cd8158ca85c7f664288e0c5a0021d2f5eb
Size

765KB
MD5

51ce58451272562402f547c4b52cfc44
SHA1

ce3ca843d8cf43c2437f8422c2596e874df07520
SHA256

43ec28061d239ea52a8a650e118657cd8158ca85c7f664288e0c5a0021d2f5eb
SHA512

2f5e5f2a4aab288d99a93a3def44b486050172164de7c669babe8c56a114545312f7b373ef9182a6559801bacb529f0b23604a4485c134fde375923c63346663
SSDEEP

12288:IT+vmLFVV5pNT5j0ElwP3kJkBTjZWggggMTqbdyewoildo6RxOarEno7fnMcsWIE:VvsFVrNuKkldWggggMGdKKYOoTnMcsEr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43ec28061d239ea52a8a650e118657cd8158ca85c7f664288e0c5a0021d2f5eb

Files

43ec28061d239ea52a8a650e118657cd8158ca85c7f664288e0c5a0021d2f5eb
.exe windows:5 windows x86 arch:x86

6563644d84e54a7213a22c612c62eead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
LocalAlloc
LocalFree
OpenProcess
TerminateProcess
GetLogicalDriveStringsW
GetVersionExW
CreateDirectoryW
LockResource
LoadResource
SizeofResource
GetFileSize
WriteFile
ReadFile
FindResourceW
FindResourceExW
CreateFileA
DeleteFileW
GetModuleHandleW
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
SetLastError
LoadLibraryA
IsBadReadPtr
GlobalFree
DeviceIoControl
GetSystemDirectoryA
IsDebuggerPresent
OutputDebugStringW
Sleep
FlushFileBuffers
GetTickCount
FindNextFileW
GetNativeSystemInfo
FindClose
CreateFileW
CloseHandle
SetErrorMode
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeLibrary
GetProcAddress
GetModuleFileNameW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetTimeZoneInformation
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
LoadLibraryW
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask

advapi32

LookupAccountSidW
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW

ole32

CoInitialize
CoUninitialize

shell32

SHGetFolderPathW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

dbghelp

MiniDumpWriteDump

psapi

GetProcessImageFileNameW
EnumProcesses

urlmon

ObtainUserAgentString

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6563644d84e54a7213a22c612c62eead

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

shlwapi

dbghelp

psapi

urlmon

winhttp

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 9KB - Virtual size: 21KB

.rsrc Size: 172KB - Virtual size: 172KB

.reloc Size: 82KB - Virtual size: 84KB

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 9KB - Virtual size: 21KB

.rsrc
Size: 172KB - Virtual size: 172KB

.reloc
Size: 82KB - Virtual size: 84KB