Static task: static1
Behavioral task: behavioral1
Sample: 2909051344dd80a33dfd47d1cf60372ba535aa3745ed0df8434681a3e715f32d.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2909051344dd80a33dfd47d1cf60372ba535aa3745ed0df8434681a3e715f32d.exe
Resource: win10v2004-20240802-en
General
Target: d5941c64e562641077190060c556ff40f0a643014e7fa6a38ab4d9de686757d2
Size: 80KB
MD5: e7c303914f9d57aeed9c0ab30fda5a79
SHA1: dc4805f8e543ca975b97441fc1acf009f5829d18
SHA256: d5941c64e562641077190060c556ff40f0a643014e7fa6a38ab4d9de686757d2
SHA512: 9f80b55265f4f0f259ceaebe1dec0cd2fddcecac3d51edbaf848db2ac5ea3c9bfaa9215e4fe9f17c4b759d6947f83b80487888a1a1b67f10763a767e4345b181
SSDEEP: 1536:ZnTOCd8FKmL6yw2loTA4mxFBNc8Mj3tuodgMnps/90AMU9qVBwMGNzsmXl:Znxa3loE4cb5M5kMnpo90kO+1zsmV
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: unpack001/2909051344dd80a33dfd47d1cf60372ba535aa3745ed0df8434681a3e715f32d
Files
- d5941c64e562641077190060c556ff40f0a643014e7fa6a38ab4d9de686757d2.zip (Password: infected)
- 2909051344dd80a33dfd47d1cf60372ba535aa3745ed0df8434681a3e715f32d.exe (windows:4, windows x86, arch:x86)
Import hash: e043befb9ef1f4fe48f2d3182b440d00
Headers
File Characteristics:
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msi
ord30
ord8
ord57
gdi32
GetMetaFileBitsEx
OffsetWindowOrgEx
SetBoundsRect
GetEnhMetaFileW
CreateEnhMetaFileA
CreateBitmapIndirect
CreateHalftonePalette
GetBkColor
StrokePath
GetBoundsRect
ExtFloodFill
GetTextExtentPoint32W
GetTextMetricsW
PathToRegion
SetWindowExtEx
SetGraphicsMode
GetCurrentObject
GetTextExtentPointA
oleaut32
VarDateFromR4
VarI2FromDisp
DispGetParam
SysReAllocString
VarUI1FromR8
VarUI1FromI1
version
GetFileVersionInfoSizeW
kernel32
GetModuleHandleA
GetStartupInfoA
GlobalFindAtomW
FlushFileBuffers
GetModuleHandleW
wininet
SetUrlCacheEntryInfoA
FindNextUrlCacheEntryExA
InternetSetCookieW
InternetCloseHandle
CreateUrlCacheEntryW
FindFirstUrlCacheEntryA
InternetAutodialHangup
HttpSendRequestExW
FtpRenameFileA
RetrieveUrlCacheEntryStreamW
InternetSetFilePointer
GopherCreateLocatorA
ole32
StgCreatePropSetStg
winspool.drv
DeletePrinterConnectionW
AddPortA
EnumPrinterDriversW
AddPrintProcessorW
EnumPrinterDataA
DeletePrintProcessorA
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
DeleteMonitorA
SetPortA
DocumentPropertiesA
EnumFormsA
setupapi
SetupCloseLog
pdh
PdhValidatePathA
PdhGetLogFileSize
user32
CallMsgFilterW
DdeAccessData
GetWindowContextHelpId
DeleteMenu
InsertMenuA
CharUpperBuffW
SendMessageTimeoutA
GetClassInfoExW
DdeQueryConvInfo
CreateDialogParamA
GetMessagePos
SetProcessWindowStation
MessageBoxW
CallNextHookEx
IsWindow
DrawFrameControl
GetNextDlgTabItem
GetClipboardFormatNameW
GetWindowTextLengthW
GetKeyboardType
DrawAnimatedRects
GetMessageA
msvcrt
_adjust_fdiv
_except_handler3
_exit
_controlfp
__set_app_type
__p__fmode
__p__commode
memcmp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
advapi32
SetNamedSecurityInfoW
EnumServicesStatusW
RegOpenKeyW
RegEnumValueA
RegUnLoadKeyW
RegEnumKeyExA
CreateProcessAsUserW
AdjustTokenPrivileges
rpcrt4
RpcMgmtInqStats
I_RpcBindingIsClientLocal
NdrNonEncapsulatedUnionUnmarshall
NDRSContextUnmarshallEx
RpcAsyncInitializeHandle
NdrConformantStructMarshall
RpcSmSetThreadHandle
I_RpcFreeBuffer
NdrEncapsulatedUnionMemorySize
I_RpcBindingCopy
MIDL_wchar_strcpy
float_from_ndr
NdrFreeBuffer
NdrUserMarshalSimpleTypeConvert
RpcServerUseProtseqExW
NdrSimpleStructFree
I_RpcGetCurrentCallHandle
I_RpcBindingInqTransportType
I_RpcAsyncSetHandle
RpcBindingInqAuthClientW
UuidFromStringA
NdrSimpleStructMarshall
imm32
ImmGetIMEFileNameW
rasapi32
RasDialA
oleacc
WindowFromAccessibleObject
Sections
.text (Size: 105KB, Virtual size: 104KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 4KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 25KB, Virtual size: 3.5MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE