5535ef7be893fc46e50c9e01c753479968534a56673625b1dcac9f79d19fb9a1

Sharing

Copy URL Twitter E-mail

General

Target

5535ef7be893fc46e50c9e01c753479968534a56673625b1dcac9f79d19fb9a1
Size

998KB
MD5

914d5be9d001f21968db1e35b97e714e
SHA1

1fa65df16f78fbda9f438e455d290d88513bc6b7
SHA256

5535ef7be893fc46e50c9e01c753479968534a56673625b1dcac9f79d19fb9a1
SHA512

22541b181d57487f65a3b1a16f1e40c0d66144d7da7c5f884f459b230338acb02f51c848562e1ba1444053d033ef7f6c42f1c0060c92ccc0d9b9d6028d59c9f8
SSDEEP

12288:iahwpht8WMDcQtJ2OvoDbrzUgK19aKDm40zFcr8mT3a3MOxbn3dcil6:jetGcY0rzUT1MEd0S8mT3afNci

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5535ef7be893fc46e50c9e01c753479968534a56673625b1dcac9f79d19fb9a1

Files

5535ef7be893fc46e50c9e01c753479968534a56673625b1dcac9f79d19fb9a1
.dll windows:4 windows x64 arch:x64

4550ee240fe3db8d17dabf75d0de74a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

setupapi

IsUserAdmin

advapi32

CloseServiceHandle
GetTokenInformation
GetUserNameA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus

imagehlp

ImageDirectoryEntryToData
ImageRvaToSection

kernel32

CloseHandle
CompareStringA
CompareStringW
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DeviceIoControl
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindResourceExA
FormatMessageA
FreeLibrary
FreeResource
GetCPInfo
GetCommandLineA
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
ReadFile
ReadProcessMemory
RemoveDirectoryA
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteProcessMemory

ole32

CoCreateGuid

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

SHGetSpecialFolderPathA

user32

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
WaitForInputIdle

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

ADDINNATIVEAPI_DESTROYOBJECT$POINTER$$LONGINT
ADDINNATIVEAPI_GETCLASSNAMES$$PWIDECHAR
ADDINNATIVEAPI_GETCLASSOBJECT$PWIDECHAR$POINTER$$LONGINT
DestroyObject
GetClassNames
GetClassObject

Sections

.text
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4550ee240fe3db8d17dabf75d0de74a3

Headers

File Characteristics

Imports

setupapi

advapi32

imagehlp

kernel32

ole32

oleaut32

shell32

user32

version

wsock32

Exports

Exports

Sections

.text Size: 663KB - Virtual size: 663KB

.data Size: 210KB - Virtual size: 210KB

.bss Size: - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 8B

.idata Size: 6KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 312B

.rsrc Size: 97KB - Virtual size: 96KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 663KB - Virtual size: 663KB

.data
Size: 210KB - Virtual size: 210KB

.bss
Size: - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 8B

.idata
Size: 6KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 312B

.rsrc
Size: 97KB - Virtual size: 96KB

.reloc
Size: 19KB - Virtual size: 18KB