059c799332e811b76bd87670d5952a4655575355e77804cb62844ebb9c2e81d1

Sharing

Copy URL Twitter E-mail

General

Target

059c799332e811b76bd87670d5952a4655575355e77804cb62844ebb9c2e81d1
Size

1.2MB
MD5

3158bd2e872c4adfb6a94586eabde2e0
SHA1

f380e297d5082236b46636090d01388cf9860ec2
SHA256

059c799332e811b76bd87670d5952a4655575355e77804cb62844ebb9c2e81d1
SHA512

2a95a3a3b4469cb967dba5aec124569db616d88a7e60437f658661df7a52fc224a315ebb4adf666ae6a5d7234113d63b8922a1a6e1924d981336f5c2f6965f88
SSDEEP

24576:yXhtoKSeMP/FdiyAYePMv8BWZKFeK/R0K9GFFYl8J/ld:yXhBIiyAd65ZEeK/GGYFYlon

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
059c799332e811b76bd87670d5952a4655575355e77804cb62844ebb9c2e81d1

Files

059c799332e811b76bd87670d5952a4655575355e77804cb62844ebb9c2e81d1
.exe windows:5 windows x86 arch:x86

c3ef62ee6b4152404fbc0c173c3d1476

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
Sleep
SetEvent
CloseHandle
CreateThread
ExpandEnvironmentStringsA
LoadLibraryA
GetStdHandle
WriteConsoleW
SetThreadAffinityMask
GetVolumeInformationW
DeviceIoControl
GetSystemDirectoryW
CreateFileA
GetCurrentThread
LocalFree
GetComputerNameW
ReadFile
WriteFile
CreateFileW
GetTickCount
GetExitCodeProcess
GetModuleFileNameW
TerminateThread
GetLocalTime
CreateMutexW
ExpandEnvironmentStringsW
GetModuleHandleA
DeleteFileW
GetCurrentProcessId
FormatMessageA
GetCurrentProcess
GetCurrentThreadId
DuplicateHandle
IsDebuggerPresent
GetModuleHandleW
GetTempPathW
GetFileAttributesExW
GetCurrentDirectoryW
MoveFileExW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
FindFirstFileExW
FindNextFileW
FindClose
GetCommandLineW
GetModuleHandleExW
GetVersionExW
GetNativeSystemInfo
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
LoadLibraryW
WaitForMultipleObjects
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetFileType
PeekNamedPipe
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
OutputDebugStringW
GetModuleFileNameA
GetFullPathNameW
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
GetConsoleCP
GetConsoleMode
ExitProcess
SetStdHandle
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetACP
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
lstrcmpiW
LoadLibraryExA
CreatePipe
GetSystemTimeAsFileTime
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError

user32

GetMonitorInfoW
MonitorFromWindow
MessageBoxA
GetWindowThreadProcessId
wsprintfW
CharUpperA
WindowFromPoint
GetSystemMetrics

ws2_32

bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
closesocket
connect
ntohl
htonl
gethostname
listen
accept
sendto
getpeername
freeaddrinfo
getaddrinfo
WSAIoctl
socket
ioctlsocket
setsockopt
ntohs
htons
getsockopt
getsockname
recvfrom

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

StrCmpIW
StrIsIntlEqualW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

advapi32

LookupAccountNameW
RegQueryInfoKeyW
ConvertSidToStringSidA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenSCManagerW
EnumServicesStatusW
RegOpenCurrentUser

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemFree
CoCreateGuid
StringFromCLSID
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear

wininet

InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenA
InternetCheckConnectionW
InternetCloseHandle
InternetConnectW
HttpSendRequestA
InternetReadFile

wldap32

ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord46

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 979KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3ef62ee6b4152404fbc0c173c3d1476

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

version

shlwapi

advapi32

ole32

oleaut32

wininet

wldap32

iphlpapi

Sections

.text Size: 979KB - Virtual size: 979KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 11KB - Virtual size: 27KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 979KB - Virtual size: 979KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 11KB - Virtual size: 27KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 39KB - Virtual size: 38KB