5a99838b50f26878d17d34b55cfbe1dd1b5a789cfa51317ea1af9060de19bf00

Sharing

Copy URL Twitter E-mail

General

Target

5a99838b50f26878d17d34b55cfbe1dd1b5a789cfa51317ea1af9060de19bf00
Size

2.8MB
MD5

364c784e474cd523a8927c2b996386d9
SHA1

9a83069d476d25fb34718af13d03dededa6e36a9
SHA256

5a99838b50f26878d17d34b55cfbe1dd1b5a789cfa51317ea1af9060de19bf00
SHA512

5482d4a924125af20bb2b6c9ddc0bfb19d3df0108db08bc2cb7a441033cf6002a2fa83c9680439f4f737cd44c5e65f28db923b7a38fa17a34ab4c00d07d80786
SSDEEP

49152:5AJxLCGgnXpF7/5XvJ/MQuZceylE5L07gX0rrsZtKcifqs1xTAsFwLbgfU39c:5WxLNgnXb7pvJkzZhyiLd0vs+ndbFwLg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a99838b50f26878d17d34b55cfbe1dd1b5a789cfa51317ea1af9060de19bf00

Files

5a99838b50f26878d17d34b55cfbe1dd1b5a789cfa51317ea1af9060de19bf00
.dll windows:5 windows x86 arch:x86

d9387350ff0ee3f04111544a094551de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

esent

JetEndSession

user32

GetMenuItemRect
AdjustWindowRect
GetProcessDefaultLayout
SetWindowsHookA
GetClassLongW

wininet

InternetCanonicalizeUrlA

lz32

LZSeek

msvcrt

memset
fgets
putc
system

ole32

IsAccelerator
CoIsOle1Class

kernel32

SetConsoleCursorPosition
GetModuleFileNameA
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultLangID
GetProcessHeap

winspool.drv

DeletePortW

ws2_32

shutdown

winmm

mciGetErrorStringA
CloseDriver

netapi32

NetLocalGroupGetMembers

oleaut32

SafeArrayAllocDescriptorEx

gdi32

SetICMProfileA
EndPath
SetDCPenColor
CreateSolidBrush

secur32

MakeSignature

mscms

DisassociateColorProfileFromDeviceW

comdlg32

FindTextA

rpcrt4

RpcStringBindingComposeA

avifil32

AVIStreamSampleToTime

shlwapi

SHDeleteValueW
StrCmpNA

shell32

DragAcceptFiles

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cDYrXf
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9387350ff0ee3f04111544a094551de

Headers

File Characteristics

Imports

esent

user32

wininet

lz32

msvcrt

ole32

kernel32

winspool.drv

ws2_32

winmm

netapi32

oleaut32

gdi32

secur32

mscms

comdlg32

rpcrt4

avifil32

shlwapi

shell32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 320KB - Virtual size: 318KB

CRT Size: 2.3MB - Virtual size: 2.3MB

2 Size: 8KB - Virtual size: 5KB

cDYrXf Size: 80KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 46KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 320KB - Virtual size: 318KB

CRT
Size: 2.3MB - Virtual size: 2.3MB

2
Size: 8KB - Virtual size: 5KB

cDYrXf
Size: 80KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 46KB