222d58b9d43e253608cdf1b6ed03b0b2da84c35ab2f995cb92fd6e25bfe627bf

Sharing

Copy URL Twitter E-mail

General

Target

222d58b9d43e253608cdf1b6ed03b0b2da84c35ab2f995cb92fd6e25bfe627bf
Size

971KB
MD5

e6acc673813b941a1fd0dd3b0c8ed64a
SHA1

451fde998adea28207abcb6a267ab79e5c3cb89d
SHA256

222d58b9d43e253608cdf1b6ed03b0b2da84c35ab2f995cb92fd6e25bfe627bf
SHA512

aa9bea53690daeaead2bae83dba9e71ad8f84c242514e3efbe9bef65c8f26adca0b63820d0d8d2694a159fbe5f9e8c52735e5534206d169a5cef686c5a61cd3b
SSDEEP

6144:hwynAtMrOVRkidy9yIGWlUie2EII1SLHco6FLY6shZBWlK3b++2kLDiQJUEWHQXx:hwKfOVRo9yRYCIGLUh7Wk/Li0cIqK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
222d58b9d43e253608cdf1b6ed03b0b2da84c35ab2f995cb92fd6e25bfe627bf

Files

222d58b9d43e253608cdf1b6ed03b0b2da84c35ab2f995cb92fd6e25bfe627bf
.exe windows:5 windows x86 arch:x86

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

DeleteFileA
GetTempFileNameA
CreateFileA
lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetVolumeInformationA
GetDriveTypeA
WaitForSingleObject
CreateMutexA
Thread32Next
SuspendThread
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateDirectoryA
GetTempPathA
CreateThread
FreeResource
UpdateResourceA
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
SetFileTime
GetFileTime
FreeLibrary
FindResourceA
LoadLibraryExA
GetCurrentProcess
SetEvent
OpenEventA
Process32Next
Process32First
FindClose
FindNextFileA
FindFirstFileA
EndUpdateResourceA
EnumResourceTypesA
BeginUpdateResourceA
GetTickCount
CopyFileA
ReleaseMutex
lstrlenA
lstrcatA
WriteFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
GetLastError
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
ReadFile
HeapReAlloc
lstrcmpA
SetFilePointer
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetFullPathNameA
GetCurrentThread
WideCharToMultiByte
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc

user32

wvsprintfA
wsprintfA

advapi32

OpenProcessToken
FreeSid
OpenThreadToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

SHRegCloseUSKey
SHRegCreateUSKeyA

wininet

InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetSetFilePointer
InternetConnectA

ws2_32

WSAStartup
gethostbyname

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

psapi

version

kernel32

user32

advapi32

shell32

shlwapi

wininet

ws2_32

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 789KB - Virtual size: 789KB

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 789KB - Virtual size: 789KB