5b3924ad959296a89f18e91eb452bbf3ec162b8cea99b83a43cb974651495923

Sharing

Copy URL Twitter E-mail

General

Target

5b3924ad959296a89f18e91eb452bbf3ec162b8cea99b83a43cb974651495923
Size

1.4MB
MD5

de53262a37d3fba64f4ebb1daeee6ba5
SHA1

1cd3f5a5448ae3ab56d376fec3a5e4218ae96d9f
SHA256

5b3924ad959296a89f18e91eb452bbf3ec162b8cea99b83a43cb974651495923
SHA512

adbaccad921a7e2abaec9e9d7fa3b8cbbc3261ee011f460dc7220ea983f9f176cdb842c4717e46e91d041f97ac904b76d54e8c6aa66553d434166f372597cd85
SSDEEP

24576:O5vYM2fmSjgVXo/WE0Mofgh7HJV44a69lJrtVPQaIXGp7F:Qu/WE0McghrJyp69lJrtVYaIXGp7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b3924ad959296a89f18e91eb452bbf3ec162b8cea99b83a43cb974651495923

Files

5b3924ad959296a89f18e91eb452bbf3ec162b8cea99b83a43cb974651495923
.exe windows:5 windows x86 arch:x86

646f0cf83f511a592a595d160f6c7d0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
QueryPerformanceFrequency
GetCurrentProcessId
CreateFileW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeCriticalSection
OpenProcess
GetProcAddress
GetModuleHandleW
QueryDosDeviceW
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessW
GetExitCodeProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
GetWindowsDirectoryW
Process32NextW
Process32FirstW
MultiByteToWideChar
GetTickCount
LocalAlloc
SetLastError
GetModuleHandleA
lstrlenA
GetSystemInfo
TlsGetValue
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
InterlockedCompareExchange
SleepEx
TlsSetValue
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
CreateEventW
CreateIoCompletionPort
CreateWaitableTimerA
GetFileTime
OpenEventA
AreFileApisANSI
GetModuleFileNameW
ReadFile
Sleep
GetProcessHeap
HeapFree
QueryPerformanceCounter
HeapAlloc
CreateFileA
TlsFree
LocalFree
CloseHandle
TlsAlloc
DuplicateHandle
DeleteCriticalSection
WaitForMultipleObjects
PostQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
QueueUserAPC
GetLastError
InterlockedExchange
ReleaseSemaphore
CreateSemaphoreA
LeaveCriticalSection
FormatMessageW
CreateEventA
TerminateThread
WideCharToMultiByte
FormatMessageA
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
GetDateFormatA
GetFileAttributesExW
GetFileAttributesW
DeviceIoControl
ResumeThread
WaitForMultipleObjectsEx
ResetEvent
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetEndOfFile
SetStdHandle
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
GetStartupInfoW
GetTimeFormatA
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
RaiseException
RtlUnwind
FindClose
MoveFileA
DeleteFileA
ExitThread
CreateThread
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetLocaleInfoW
ExitProcess
HeapSize
SetHandleCount
GetFileType

advapi32

EnumDependentServicesA
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
QueryServiceConfigA
QueryServiceConfig2A
QueryServiceStatus
OpenSCManagerA
StartServiceA
RegQueryValueExA
OpenServiceA
ControlService
QueryServiceStatusEx
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ws2_32

__WSAFDIsSet
accept
getpeername
ioctlsocket
WSAStringToAddressA
ntohl
htonl
freeaddrinfo
ntohs
setsockopt
bind
getsockopt
listen
WSAAddressToStringA
WSARecv
WSASend
select
WSAGetLastError
WSASetLastError
htons
connect
getsockname
WSAStartup
WSACleanup
getaddrinfo
WSAIoctl
shutdown
WSASocketW
closesocket

mswsock

AcceptEx
GetAcceptExSockaddrs

shlwapi

StrStrIW
PathRemoveFileSpecW
PathFindFileNameA
PathRemoveFileSpecA

psapi

GetProcessImageFileNameW
GetProcessMemoryInfo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

646f0cf83f511a592a595d160f6c7d0a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

mswsock

shlwapi

psapi

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 37KB - Virtual size: 49KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 37KB - Virtual size: 49KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 96KB - Virtual size: 96KB