Static task
static1
Behavioral task
behavioral1
Sample
a5a036a83ba6045b9bf498662d087aba8f43d2b0c86695a1e043faf5ce8c4144.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a5a036a83ba6045b9bf498662d087aba8f43d2b0c86695a1e043faf5ce8c4144.exe
Resource
win10v2004-20240802-en
General
-
Target
a5a036a83ba6045b9bf498662d087aba8f43d2b0c86695a1e043faf5ce8c4144
-
Size
8.2MB
-
MD5
35ab1c6aec6d88ad2e453ce6a8742316
-
SHA1
c57dbd7f9c25b47aaf9e9fff1175443261bf38ac
-
SHA256
a5a036a83ba6045b9bf498662d087aba8f43d2b0c86695a1e043faf5ce8c4144
-
SHA512
f004b0552995b10b78bd633128c015f4894b0b0a32feba66d26f9150dd6bdeded3d455bf77b345355ec55a24a2cd559a289eaed7c07bd8029686896ced2b2e6a
-
SSDEEP
98304:yWk5iMiAMksJq3LTlu8mB4faZ8yJMGb2bfSBg0ZJsX0OjRKv3JY4L/NcSbuDp5Ix:65iZ23/yiXfSBEv4vJNLUHdEj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
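Flags a PE file that carries no Authenticode signature. Many legitimate binaries are also unsigned, so treat this as a weak indicator and weigh it together with the other static and behavioral findings.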
resource a5a036a83ba6045b9bf498662d087aba8f43d2b0c86695a1e043faf5ce8c4144
Files
-
a5a036a83ba6045b9bf498662d087aba8f43d2b0c86695a1e043faf5ce8c4144.exe windows:5 windows x86 arch:x86
43094fb216402618647799365c7be4e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegSetValueA
oleaut32
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLib
LoadTypeLib
RegisterTypeLib
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SafeArrayAllocData
SafeArrayCreate
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
SafeArrayAllocDescriptor
VariantCopy
SafeArrayRedim
SafeArrayGetDim
wininet
FtpFindFirstFileA
InternetFindNextFileA
InternetWriteFile
FtpOpenFileA
ole32
WriteClassStg
ReadFmtUserTypeStg
kernel32
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleHandleA
MapViewOfFile
GetSystemFirmwareTable
IsBadReadPtr
TlsSetValue
LeaveCriticalSection
GetFileTime
user32
GetTopWindow
gdi32
SetTextJustification
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
shell32
ExtractIconA
shlwapi
PathFindFileNameA
netapi32
Netbios
iphlpapi
GetAdaptersInfo
cfgmgr32
CM_Get_Device_IDA
Sections
Size: 560KB - Virtual size: 560KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.winlice Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ