51716929656f2a988e167a5b13e7cc55aa93e061e0e5cda5681071cba8faf1dc

Sharing

Copy URL

Twitter E-mail

General

Target

51716929656f2a988e167a5b13e7cc55aa93e061e0e5cda5681071cba8faf1dc
Size

347KB
MD5

b5ff844d298650467e7d45a18bfb1303
SHA1

a1dab1a6cdd93b0aa06bedcf4088a93f2e8127a4
SHA256

51716929656f2a988e167a5b13e7cc55aa93e061e0e5cda5681071cba8faf1dc
SHA512

b4c47ed3aef8b5f9c160572824b1a167a6a5a10143254f6b8908f9d37b227f5036feb5345f48eb6dadaed2c884d31dbc7b46de0fd343b9b8b3240869d518bdfa
SSDEEP

6144:hgOh2p1qF8C8gDL5GXAHsZC1JxvkChUQxL0hkMVKnzL:hgOgPqFqgD1GVg1J5pdxikfzL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51716929656f2a988e167a5b13e7cc55aa93e061e0e5cda5681071cba8faf1dc

Files

51716929656f2a988e167a5b13e7cc55aa93e061e0e5cda5681071cba8faf1dc
.exe windows:5 windows x86 arch:x86

a48c49978cac6320783992061e72bcf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetStdHandle
SetFilePointer
ExitProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
HeapSize
SetEndOfFile
GetTempPathA
GetModuleHandleA
EnumDateFormatsA
GetModuleFileNameA
GlobalMemoryStatusEx
LoadLibraryA
GlobalFree
GetProcAddress
GetLastError
MultiByteToWideChar
lstrcatA
ReadFile
Sleep
LoadLibraryW
GlobalAlloc
SetCommState
GetProcessHeap
GetCurrentProcess
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCommState
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
WriteFile
CreateFileA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

SystemParametersInfoA
BeginDeferWindowPos
SetCaretPos
SetWindowTextA
LoadCursorA
RegisterClassA
GetWindow
EndPaint
SetWindowPlacement
SetCursor
GetSystemMenu
HideCaret
PostQuitMessage
SendDlgItemMessageA
FillRect
GetTopWindow
LoadIconA
GetUserObjectSecurity
ShowCaret
BeginPaint
GetDC
GetForegroundWindow
GetWindowPlacement
GetWindowTextA
SetWindowLongA
MessageBoxA
GetWindowLongA
SetUserObjectSecurity
CreateWindowExA
ReleaseDC
EndDialog
GetDesktopWindow
SetWindowPos
AppendMenuA

gdi32

TextOutA
BitBlt
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetBkColor
CreateSolidBrush

comdlg32

GetOpenFileNameA

advapi32

LookupAccountSidA
OpenProcessToken
AddAccessAllowedAceEx
GetTokenInformation
GetSecurityDescriptorDacl
AddAce
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
RegOpenKeyExA
GetAce
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAclInformation
EqualSid

shell32

SHAppBarMessage

oleaut32

OleLoadPicturePath

odbc32

ord24
ord9
ord31
ord75
ord41

psapi

GetProcessMemoryInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

SHCreateStreamOnFileA

comctl32

ord17
CreateToolbarEx

pdh

PdhUpdateLogFileCatalog
PdhSetCounterScaleFactor

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize

imm32

ImmEscapeA

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a48c49978cac6320783992061e72bcf1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

odbc32

psapi

version

shlwapi

comctl32

pdh

gdiplus

imm32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 139KB - Virtual size: 146KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 104KB - Virtual size: 104KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 139KB - Virtual size: 146KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 104KB - Virtual size: 104KB