1274e54cd47d659d3e04111544b16ecd843aaa4e8419006edd09291fec56d657

Sharing

Copy URL

Twitter E-mail

General

Target

1274e54cd47d659d3e04111544b16ecd843aaa4e8419006edd09291fec56d657
Size

170KB
MD5

3f4cb501f377efe977b3e8071c1ec787
SHA1

6a77481f5e820bb11247e1d3395cfd3695eb894e
SHA256

1274e54cd47d659d3e04111544b16ecd843aaa4e8419006edd09291fec56d657
SHA512

ee3b500fbcb375b764fdb131c5bfe79e384547dbf1fddf6056dc6dcfa9fc3c79550e9ce0f3bc3bacadbae3381ccdb7cb74fdac460e737ae4c03a8c2693da143f
SSDEEP

3072:LJpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7UJ:NAm5oh63laEo+pXX1pkF8mxeq5+4m71l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1274e54cd47d659d3e04111544b16ecd843aaa4e8419006edd09291fec56d657

Files

1274e54cd47d659d3e04111544b16ecd843aaa4e8419006edd09291fec56d657
.exe windows:5 windows x86 arch:x86

ad8cfaedfc9fbc8b4528ded802c9cbd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReadFile
CreateMailslotA
SetEvent
CreateEventA
GetCurrentProcessId
GlobalLock
GlobalUnlock
LoadLibraryA
GetLogicalDrives
GetDiskFreeSpaceExA
CompareStringW
GetStringTypeW
HeapSize
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsProcessorFeaturePresent
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreatePipe
GetFileAttributesA
LCMapStringW
CreateFileA
GetOEMCP
GetACP
GetComputerNameA
GetFileTime
GetDriveTypeA
SetFileTime
GetTickCount
OpenFile
IsDebuggerPresent
GetSystemTime
GetLocalTime
LocalFree
GetVersionExA
GetModuleHandleA
GlobalMemoryStatusEx
GlobalFree
GetProcAddress
GetLastError
GlobalAlloc
GetCurrentProcess
CreateThread
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
TerminateProcess
CreateProcessA
TerminateThread
OpenProcess
WaitForSingleObject
Process32First
SetErrorMode
EndUpdateResourceA
EnumResourceNamesA
LoadLibraryExA
BeginUpdateResourceA
LockResource
GetBinaryTypeA
UpdateResourceA
LoadResource
FreeLibrary
FreeResource
FindResourceA
OpenFileMappingA
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetCPInfo
LoadLibraryW
CreateFileW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
HeapCreate
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetFilePointer
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsValidCodePage
SetFileAttributesA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DuplicateHandle
GetFullPathNameA
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetModuleHandleW
ExitProcess
DecodePointer
Sleep
MultiByteToWideChar
FindNextFileA

user32

GetWindowThreadProcessId
GetKeyboardLayout
GetWindowTextA
GetForegroundWindow
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
DispatchMessageA
SetWindowsHookExA
EmptyClipboard
CloseClipboard
ReleaseDC
GetDC
MessageBoxA
IsWindowVisible
TranslateMessage
GetDesktopWindow
EnumWindows
GetWindowRect
SetClipboardData
OpenClipboard
GetMessageA
GetClipboardData

gdi32

CreateCompatibleBitmap
CreateDIBSection
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

FreeSid
RegEnumKeyA
RegOpenKeyA
LookupAccountSidW
ConvertStringSidToSidA
OpenSCManagerA
StartServiceA
CreateServiceA
ChangeServiceConfig2A
DeleteService
CloseServiceHandle
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CheckTokenMembership
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetKernelObjectSecurity
InitializeSecurityDescriptor

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
VariantInit

shlwapi

SHDeleteKeyA

wininet

InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA

winmm

mciSendStringA

wsock32

recv
htons
WSAStartup
connect
send
gethostbyname
closesocket
socket

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

netapi32

NetUserAdd
NetLocalGroupAddMembers

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad8cfaedfc9fbc8b4528ded802c9cbd0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

wsock32

iphlpapi

gdiplus

mpr

netapi32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 10KB - Virtual size: 10KB