e54683019af5e13eb8a73d42fc324ec7e005490e1fc28bc9a31b29180c1a1565

Sharing

Copy URL Twitter E-mail

General

Target

e54683019af5e13eb8a73d42fc324ec7e005490e1fc28bc9a31b29180c1a1565
Size

372KB
MD5

ad1bf124dd27ad9635b74919351cd54e
SHA1

cd937f2743654d54d76ba2ba920124b2f636f1af
SHA256

e54683019af5e13eb8a73d42fc324ec7e005490e1fc28bc9a31b29180c1a1565
SHA512

ae327a5b20615dc4fe3fb97fd0152e509671246362f4ce35aec134e0bdcd58c5d8b6294e60a84585bacbb20b648d799c54609b16f5ee955fe59adab3f72e7172
SSDEEP

6144:bxAj/LccG4YDyCuWy6DiLaNO0tvXbfgnFQS:bxAj/LdgyLLaNPgnFQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e54683019af5e13eb8a73d42fc324ec7e005490e1fc28bc9a31b29180c1a1565

Files

e54683019af5e13eb8a73d42fc324ec7e005490e1fc28bc9a31b29180c1a1565
.exe windows:4 windows x86 arch:x86

388306117f10ca390c28a5de3f80fd27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetDllDirectoryA
CreateThread
RtlMoveMemory
lstrcatA
CreateToolhelp32Snapshot
Module32First
OpenProcess
lstrcpynA
CloseHandle
WideCharToMultiByte
GetComputerNameExA
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
Process32First
Process32Next
InterlockedIncrement
InterlockedDecrement
RtlZeroMemory
HeapDestroy
HeapCreate
lstrlenW
lstrcmpW
lstrcmpiW
VirtualAlloc
VirtualFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
lstrlenA
lstrcmpA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
Sleep
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
SetFilePointer
CreateDirectoryA
GetTickCount
WriteFile
DeleteFileA
CreateProcessA
GetStartupInfoA
GetFileSize
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersion
GetCommandLineA

ws2_32

WSAGetLastError
gethostname
WSACleanup
WSAStartup

ole32

CoInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleRun

shlwapi

PathRemoveFileSpecA
PathRemoveBackslashA
PathFindExtensionA
PathGetArgsA
PathFileExistsA
StrToIntW
StrToIntExW
PathFindFileNameA

user32

wsprintfA
MessageBoxA
GetWindowThreadProcessId

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

388306117f10ca390c28a5de3f80fd27

Headers

File Characteristics

Imports

kernel32

ws2_32

ole32

shlwapi

user32

oleaut32

Sections

.text Size: 328KB - Virtual size: 324KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 328KB - Virtual size: 324KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 1KB