5ad8e0a59123537c3d7bb60a8be760cf0bf33cbde58fa94451a62c1d3ece7c43

Sharing

Copy URL Twitter E-mail

General

Target

5ad8e0a59123537c3d7bb60a8be760cf0bf33cbde58fa94451a62c1d3ece7c43
Size

669KB
MD5

e572a65823c1d872cf96f47284efddad
SHA1

25e9172a0fc15e4c209f96b0bfed3f8f83b9cbc6
SHA256

5ad8e0a59123537c3d7bb60a8be760cf0bf33cbde58fa94451a62c1d3ece7c43
SHA512

47b529ac7e68bf44c82b28779dfb8fd66755cc284edd5323ec8ea37f1bdfc6b791be7c3728e2a271d886090750249c4bd67d0d591a7f8ce5d779f95c39780e7b
SSDEEP

12288:u3Zjv/M012vy0UTc3Kg8PaIoRhVx5DD1/3ejx4Lg2YwolFUOYfn3PcGNeZydKQLR:uphyUTmKgc8DDD1/Cx4U2doy0USydKC0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ad8e0a59123537c3d7bb60a8be760cf0bf33cbde58fa94451a62c1d3ece7c43

Files

5ad8e0a59123537c3d7bb60a8be760cf0bf33cbde58fa94451a62c1d3ece7c43
.exe windows:6 windows x86 arch:x86

1f67dcb32017645a2f79aed92859afc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Workstation\US_Jorge_Extensioninstaller\work\InstallExtensionsForcely\Release\Manage.pdb

Imports

ws2_32

WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACloseEvent
send
accept
WSAResetEvent
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
getsockopt
select
__WSAFDIsSet
inet_pton
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

GetDateFormatW
HeapReAlloc
HeapAlloc
GetTimeFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
HeapFree
GetACP
GetModuleFileNameA
ExpandEnvironmentStringsA
CreateMutexA
GetOEMCP
GetLastError
CreateProcessA
FindFirstFileA
GetCommandLineW
FindNextFileA
FindClose
CopyFileA
CloseHandle
CreateDirectoryA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetFileAttributesExW
GetCommandLineA
GetEnvironmentStringsW
LoadLibraryExW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
Sleep
ExitProcess
GetModuleFileNameW
WriteFile
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
RaiseException
RtlUnwind
ExitThread
CreateThread
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FileTimeToSystemTime

advapi32

RegCloseKey
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegCreateKeyExA
RegSetValueExA

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

bcrypt

BCryptGenRandom

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f67dcb32017645a2f79aed92859afc3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

advapi32

shell32

ole32

oleaut32

bcrypt

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 472B

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 472B

.reloc
Size: 23KB - Virtual size: 22KB