5d0225611bcd7c6ac55f22231504bbf68cb042e42823c427a7b810c11a107f2e

Sharing

Copy URL Twitter E-mail

General

Target

5d0225611bcd7c6ac55f22231504bbf68cb042e42823c427a7b810c11a107f2e
Size

1.3MB
MD5

ba69b6ede95151f4195727bcb84fd152
SHA1

920b8baae864343c8137664e3b69009d799724ef
SHA256

5d0225611bcd7c6ac55f22231504bbf68cb042e42823c427a7b810c11a107f2e
SHA512

791a98fb77567797ec26ea4f48c463591f081276beef8d35c9929d3b5e5e6bddbe15915da391b3c90c82d1e4ca71861edd42767dc96de9fde07f828a6d061b04
SSDEEP

24576:St74+KnGwmsrFSV184veVryNgK0np6NauC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:aJKGwNSV7eVGNgKupXuCLNiXicJFFRGN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d0225611bcd7c6ac55f22231504bbf68cb042e42823c427a7b810c11a107f2e

Files

5d0225611bcd7c6ac55f22231504bbf68cb042e42823c427a7b810c11a107f2e
.exe windows:6 windows x86 arch:x86

b262c733946696280ccba0620f6a5a55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
StringFromGUID2
IIDFromString
OleRun
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetFolderPathW

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTime
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetErrorDlg

user32

MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetDesktopWindow
ShowWindow
DestroyWindow
MessageBoxW
GetSystemMetrics
wsprintfA
CharNextA
LoadStringA
GetMessageA
GetMessageW
TranslateMessage
DispatchMessageA
DispatchMessageW
PeekMessageA
PostMessageA
DefWindowProcA
PostQuitMessage
RegisterClassA
LoadImageA
SetWindowLongA
GetWindowLongA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
AppendMenuA
CreatePopupMenu
CreateWindowExA

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA

kernel32

GetDriveTypeW
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetFileType
GetSystemTimeAsFileTime
GetModuleHandleW
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
GetConsoleOutputCP
GetConsoleMode
GetFileInformationByHandle
GetStdHandle
GetModuleFileNameW
InitializeSListHead
WriteConsoleW
GetFullPathNameW
CreateDirectoryW
GetCommandLineA
DecodePointer
CloseHandle
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
CreateMutexA
CreateEventA
WaitForMultipleObjects
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpA
lstrcmpiA
lstrcatA
lstrlenA
FindResourceA
SetDllDirectoryA
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
ResetEvent
CreateThread
lstrcpyA
lstrcpynA
CreateFileA
WriteFile
OpenEventA
Sleep
DeleteFileA
GetTempPathA
GetCurrentProcess
GetVersionExA
LocalFree
ReadFile
FileTimeToSystemTime
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FormatMessageW
GetEnvironmentVariableA
FindClose
ExitProcess
TerminateProcess
GetSystemDirectoryA
LockResource
LoadLibraryA
LocalAlloc
FormatMessageA
GetCommandLineW
SetLastError
GetNativeSystemInfo
GetModuleHandleExW
SetHandleInformation
CreatePipe
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
SetEndOfFile
SetFilePointerEx
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
GetFileAttributesA
SetStdHandle
LoadLibraryW
LoadLibraryExW
OpenMutexA
QueryPerformanceCounter
CreateFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
OutputDebugStringW
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFileSizeEx
ReadConsoleW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEvent
GetModuleHandleExA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

oleaut32

VariantChangeType
GetErrorInfo
SysFreeString
VarUI4FromStr
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear

shlwapi

ord12

gdi32

GetStockObject

crypt32

CryptUnprotectData
CryptProtectData
CryptStringToBinaryA
CryptBinaryToStringA

msi

ord189
ord31
ord159
ord158
ord91
ord117
ord115
ord160
ord44
ord204
ord168
ord137
ord141
ord8
ord67

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b262c733946696280ccba0620f6a5a55

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

version

kernel32

advapi32

oleaut32

shlwapi

gdi32

crypt32

msi

Sections

.text Size: 435KB - Virtual size: 435KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 10KB - Virtual size: 15KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 435KB - Virtual size: 435KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 592KB - Virtual size: 596KB