cd553030458a07be9f05e339c0c40047bdafa9ba427366fbbf7be3a86b87f96b

Sharing

Copy URL Twitter E-mail

General

Target

cd553030458a07be9f05e339c0c40047bdafa9ba427366fbbf7be3a86b87f96b
Size

9.4MB
MD5

c6ad4de40ce256477925414e1f02e83d
SHA1

291aaf4e29e850672357c1799f25569e829d5c51
SHA256

cd553030458a07be9f05e339c0c40047bdafa9ba427366fbbf7be3a86b87f96b
SHA512

7a082a26d2ac93c56cca64b34fe96d44396dcb1058e78c460d41bb6a99d42e78151505bf92d5e9e20fc1c0ef39cd3516ebfef12433a7e5a567ecac9f2cc6ffa8
SSDEEP

98304:Yp6Pf8udxvPQsPiHm8oGBis/+p1XkasXEYI02DxDF2Jaz/qerkNDpVwGhZZGFLsD:xZWdBX/WkfEYI02tpn7Pm9fhxGqiin3d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd553030458a07be9f05e339c0c40047bdafa9ba427366fbbf7be3a86b87f96b

Files

cd553030458a07be9f05e339c0c40047bdafa9ba427366fbbf7be3a86b87f96b
.exe windows:5 windows x86 arch:x86

8d664fd88d1c6826690840f36bbe4b1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
CreateMutexW
GetModuleFileNameW
GetModuleFileNameA
ExpandEnvironmentStringsW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
DeleteFileW
MoveFileW
MoveFileExW
GetProcAddress
LoadLibraryW
GetModuleHandleW
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
GetCurrentThreadId
GetModuleHandleA
GetVersion
FormatMessageW
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
GetSystemTime
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
GetTickCount
GetStdHandle
GetLastError
WTSGetActiveConsoleSessionId
CreateFileW
GetSystemDirectoryA
GetFullPathNameW
GetCurrentDirectoryW
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
FindResourceW
GetNativeSystemInfo
WriteFile
SizeofResource
LoadResource
WaitForSingleObject
FreeResource
CreateFileA
CloseHandle
DeviceIoControl
QueryPerformanceCounter
DeleteFileA
HeapFree
GetConsoleCP
ReadConsoleW
GetACP
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
GetStringTypeW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
TryEnterCriticalSection
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo

user32

GetProcessWindowStation
PostMessageW
wsprintfA
SetWindowPos
GetForegroundWindow
GetWindowRect
GetCursorPos
PtInRect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetMessageW
DispatchMessageW
PostQuitMessage
MessageBoxA
MessageBoxW
LoadIconW
GetUserObjectInformationW
TranslateMessage

shell32

SHGetFolderPathW
SHGetFolderPathA
ShellExecuteExW
SHCreateDirectoryExA
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

advapi32

RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

wtsapi32

WTSQueryUserToken

shlwapi

PathRemoveFileSpecA
PathIsDirectoryA
PathAppendW
PathAppendA
PathFindFileNameA
PathIsDirectoryW
PathFileExistsA

ws2_32

ntohs
shutdown
gethostname
ioctlsocket
listen
accept
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname
getpeername
bind
htons
getsockopt
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom

wldap32

ord35
ord46
ord32
ord200
ord33
ord30
ord26
ord50
ord60
ord143
ord211
ord79
ord27
ord22
ord301
ord41

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d664fd88d1c6826690840f36bbe4b1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

advapi32

iphlpapi

version

wtsapi32

shlwapi

ws2_32

wldap32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 397KB - Virtual size: 397KB

.data Size: 45KB - Virtual size: 59KB

.rsrc Size: 9.4MB - Virtual size: 9.4MB

.reloc Size: 70KB - Virtual size: 69KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 397KB - Virtual size: 397KB

.data
Size: 45KB - Virtual size: 59KB

.rsrc
Size: 9.4MB - Virtual size: 9.4MB

.reloc
Size: 70KB - Virtual size: 69KB