528286d855c4020538d18aaf538ffacb589379648f7475dec986c4804c6c8050

Sharing

Copy URL Twitter E-mail

General

Target

528286d855c4020538d18aaf538ffacb589379648f7475dec986c4804c6c8050
Size

736KB
MD5

25a9eda4b1ccd6d21560ad51397bb4ef
SHA1

b83adf08db11167b64c7d77f63ea4833c0e62171
SHA256

528286d855c4020538d18aaf538ffacb589379648f7475dec986c4804c6c8050
SHA512

ef977c279df06cf0679d1758ea8855c913fdd7fedecea512fcc041d86e197ed73da5c1b665323db404ed9340bcadfd4021bd2ea83ff4c810098379dfec0a3720
SSDEEP

6144:yBdudZMtT/vpcTr5QTWv7sJmAlf29Yuojnx0ViGCKs/:ZotT/Rur5uWHAlMxEx0oGCKs/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
528286d855c4020538d18aaf538ffacb589379648f7475dec986c4804c6c8050

Files

528286d855c4020538d18aaf538ffacb589379648f7475dec986c4804c6c8050
.exe windows:6 windows x86 arch:x86

7d52e72faabc180bf907a9250452224f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
OutputDebugStringW
GetTempPathW
WriteFile
GetFileSizeEx
SetConsoleTextAttribute
GetStdHandle
WriteConsoleW
FindNextFileW
FindClose
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
QueryFullProcessImageNameW
GetPrivateProfileStringW
CreateEventW
WaitForMultipleObjects
Sleep
ResetEvent
ReleaseMutex
GetFileAttributesW
CreateMutexW
InitializeCriticalSection
SetLastError
GetCurrentProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
WaitForSingleObject
SetEvent
FindFirstFileW
DeleteFileW
CreateFileW
CloseHandle
LoadLibraryW
DecodePointer
GetProcAddress
GetModuleHandleW
FindResourceExW
FindResourceW
SizeofResource
GetCurrentProcessId
GetLocalTime
GetPrivateProfileIntW
VirtualQuery
LockResource
LoadResource
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
WideCharToMultiByte
LCMapStringW
GetStringTypeW
GetFileType
GetACP
ExitProcess
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
lstrcatW
lstrlenW
MoveFileW
MoveFileExW
GetSystemDirectoryW
Wow64DisableWow64FsRedirection
CopyFileW
Wow64RevertWow64FsRedirection
MultiByteToWideChar
GetModuleHandleExW
VirtualAlloc
CreateTimerQueueTimer
DeleteTimerQueueTimer
VirtualFree
CreateThread
IsDebuggerPresent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect

user32

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

advapi32

RegCloseKey
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
ChangeServiceConfigW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceConfigW
QueryServiceConfig2W
ChangeServiceConfig2W
CreateServiceW
RegOpenKeyExW
DeleteService
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegGetValueW
SetFileSecurityW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

powrprof

CallNtPowerInformation

shlwapi

PathAppendW
PathRemoveExtensionW
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CryptMsgClose

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d52e72faabc180bf907a9250452224f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

powrprof

shlwapi

version

crypt32

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 16KB - Virtual size: 16KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.rsrc Size: 412KB - Virtual size: 412KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 16KB - Virtual size: 16KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 412KB - Virtual size: 412KB

.reloc
Size: 16KB - Virtual size: 16KB