852d301cb54156a30fdf438c2476009735c4df6dd0e7f4af34a0bb226d918b6f

Sharing

Copy URL

Twitter E-mail

General

Target

852d301cb54156a30fdf438c2476009735c4df6dd0e7f4af34a0bb226d918b6f
Size

846KB
MD5

5e5607905319d9d69afa2586099e4db2
SHA1

d2fb8ca98e6089954567bdc7e7dabf1dc8f4831e
SHA256

852d301cb54156a30fdf438c2476009735c4df6dd0e7f4af34a0bb226d918b6f
SHA512

00555f4d6edee4d1f26528bdb937f9aaea67878d3f417e05daf03cc20e4410576cba4dcd8d47ed50523061c29852de7f4950cfff1d586704a5311c285655d921
SSDEEP

24576:aa7E3333qg6JswtT3Do8izXWQsTPR+3ZmOu:vtT30ZWQs1+3ZmOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
852d301cb54156a30fdf438c2476009735c4df6dd0e7f4af34a0bb226d918b6f

Files

852d301cb54156a30fdf438c2476009735c4df6dd0e7f4af34a0bb226d918b6f
.exe windows:6 windows x86 arch:x86

c038741ec8402fdc578d862756212ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsWow64Process
GetSystemTime
WideCharToMultiByte
GetCurrentProcessId
GetFileSize
GetLocalTime
FindResourceW
LoadResource
FindResourceExW
Process32FirstW
LockResource
TerminateThread
Process32NextW
Sleep
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
WaitForMultipleObjects
GetModuleFileNameW
TerminateProcess
VirtualAlloc
GetCurrentProcess
VirtualFree
SizeofResource
ReadFile
VirtualFreeEx
GetModuleHandleW
VirtualAllocEx
GetProcAddress
WaitForSingleObject
VirtualProtect
WriteProcessMemory
SetEndOfFile
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
GetACP
GetModuleHandleExW
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
WaitNamedPipeW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
InterlockedPopEntrySList
ReleaseSemaphore
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetLastError
HeapSize
CreateFileW
InitializeCriticalSectionEx
WriteFile
HeapFree
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetFileSizeEx
SetConsoleTextAttribute
EnterCriticalSection
GetStdHandle
GetPrivateProfileIntW
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetTempPathW
CreateMutexW
GetFileAttributesW
ReleaseMutex
OutputDebugStringW
DeleteFileW
LoadLibraryW
WriteConsoleW
VirtualQuery
SetThreadPriority
GetCurrentThreadId
CreateEventW
SetLastError
FindNextFileW
FindClose
LocalAlloc
SetEvent
LocalFree
FreeLibrary
GetStartupInfoW
DuplicateHandle
FreeResource
GlobalAlloc
GlobalFree
GetTickCount
LoadLibraryExW
FlushFileBuffers
GetSystemFirmwareTable
GetVersionExW
IsDebuggerPresent
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
SignalObjectAndWait
SwitchToThread
CreateThread
GetThreadPriority
GetLogicalProcessorInformation

user32

PostMessageW
IsWindow
SendMessageW
wsprintfW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW
StrCpyNW

libcrypto-3

RC4
BIO_new_mem_buf
RSA_public_encrypt
RSA_size
BIO_write
AES_cbc_encrypt
PEM_read_bio_RSA_PUBKEY
BIO_free_all
BIO_s_mem
AES_set_encrypt_key
BIO_set_flags
BIO_read
RSA_free
BIO_f_base64
BIO_push
RC4_set_key
BIO_ctrl
BIO_new
SHA256_Update
SHA256_Final
SHA256_Init

wininet

InternetQueryDataAvailable
HttpOpenRequestW
InternetQueryOptionW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile
HttpAddRequestHeadersW
InternetWriteFile
InternetOpenW
InternetAttemptConnect
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
InternetCloseHandle
InternetGetConnectedStateExW
InternetConnectW

crypt32

CertFreeCertificateContext
CryptQueryObject
CertGetCertificateContextProperty
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

advapi32

OpenServiceW
OpenSCManagerW
RegQueryValueExA
CloseServiceHandle
QueryServiceStatus
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
InitializeSecurityDescriptor
SetFileSecurityW
RegCloseKey
SetSecurityDescriptorDacl
StartServiceW
RegOpenKeyExA
ControlService

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c038741ec8402fdc578d862756212ab0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

shlwapi

libcrypto-3

wininet

crypt32

wintrust

iphlpapi

advapi32

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 12KB - Virtual size: 25KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 12KB - Virtual size: 25KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB