291b28b44e14450af35ff0860ee56db613c1ee2a57da1b8675e16dda72e95750

Sharing

Copy URL Twitter E-mail

General

Target

291b28b44e14450af35ff0860ee56db613c1ee2a57da1b8675e16dda72e95750
Size

3.8MB
MD5

1220e1324f23df75c09d35c596ecd80e
SHA1

3ae032ee3d9bac26ad348aee45e10fad749c9348
SHA256

291b28b44e14450af35ff0860ee56db613c1ee2a57da1b8675e16dda72e95750
SHA512

faec83a8d1b78580dd535f96b9b179f8449bc4baac6204d1d2ade121baaf00de338d8387cd9e7198928983118308a10632a845707e1058f746cb4798e8a1d027
SSDEEP

49152:+9voHv+xV+9HGhTb6Fu0TSGuZVsDXF6hW+XCPPt9zcJvu2llNOqsLN43cWSC:+9voPyU9iymGIV2F6nXUt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291b28b44e14450af35ff0860ee56db613c1ee2a57da1b8675e16dda72e95750

Files

291b28b44e14450af35ff0860ee56db613c1ee2a57da1b8675e16dda72e95750
.exe windows:5 windows x86 arch:x86

a0643af2540a238512ecb1f625f02665

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

ReadConsoleA
SetConsoleMode
CreateDirectoryW
SizeofResource
FindFirstFileW
HeapFree
FindNextFileW
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
FindClose
WaitForSingleObject
GetVersionExW
OpenFileMappingW
UnmapViewOfFile
HeapSize
MultiByteToWideChar
ProcessIdToSessionId
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
CreateProcessW
CopyFileW
WideCharToMultiByte
MapViewOfFile
GetTickCount
CreateFileMappingW
RemoveDirectoryW
GetModuleFileNameW
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
LocalFree
GetCurrentDirectoryW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetModuleHandleW
CreateFileW
SetFileAttributesW
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceExW
GetComputerNameExW
GetComputerNameW
GetTempPathW
LoadLibraryW
CreateThread
GetProcAddress
FreeLibrary
GetTempFileNameW
GetEnvironmentVariableW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
InterlockedDecrement
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
SetEvent
ResetEvent
InterlockedIncrement
LocalAlloc
lstrlenW
OutputDebugStringW
LocalSize
ReadFile
SetLastError
WriteFile
GetCurrentThreadId
GlobalFree
GetLocalTime
GetFileSize
FlushFileBuffers
GetSystemTimeAsFileTime
GetCommandLineW
CreateMutexW
SetDllDirectoryA
GlobalAlloc
SetCurrentDirectoryW
LoadLibraryExW
GetExitCodeProcess
GetStdHandle
ReleaseMutex
IsBadStringPtrW
lstrcmpiW
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
SystemTimeToFileTime
FormatMessageA
CreateFileA
VirtualProtect
VirtualQuery
LoadLibraryExA
GetACP
OutputDebugStringA
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetThreadPriority
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
GetUserDefaultLCID
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTime
WriteConsoleW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
HeapQueryInformation
ExitThread
SetStdHandle
GetCommandLineA
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
SetFileCompletionNotificationModes
GetTickCount64
InitOnceExecuteOnce
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
MoveFileExW
SetEnvironmentVariableW
GetTimeZoneInformation
GetLongPathNameW
QueueUserWorkItem
GetModuleHandleExW
FindFirstFileExW
SetFilePointerEx
AreFileApisANSI
SwitchToThread
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

sensapi

IsNetworkAlive

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 956KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0643af2540a238512ecb1f625f02665

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

oleaut32

oledlg

urlmon

secur32

sensapi

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 956KB - Virtual size: 955KB

.data Size: 52KB - Virtual size: 89KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 148KB - Virtual size: 147KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 956KB - Virtual size: 955KB

.data
Size: 52KB - Virtual size: 89KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 148KB - Virtual size: 147KB