5b9481d9022b0efcaed04513d338048de4aa3e1328bacc0966486ef322c0d086

Sharing

Copy URL

Twitter E-mail

General

Target

5b9481d9022b0efcaed04513d338048de4aa3e1328bacc0966486ef322c0d086
Size

1.8MB
MD5

54d967f9eb61177beabd0c5c826fd4c6
SHA1

01f797c0cca83c2f23050977a29bde11f336b781
SHA256

5b9481d9022b0efcaed04513d338048de4aa3e1328bacc0966486ef322c0d086
SHA512

a606421bd73cd192a61748ffed9b0be05433ba35b4c7e79fa5a8d811aac6036d61a5c5e803b413ca659c6d8365941e34b0af0409a1a85d4efe6dd97eeea5a111
SSDEEP

24576:OUcMeKNytFmNmR/j9mPRVTdIwGptlLjBfmnAtOeiy:OUxeKAtMNIEVEnF98y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b9481d9022b0efcaed04513d338048de4aa3e1328bacc0966486ef322c0d086

Files

5b9481d9022b0efcaed04513d338048de4aa3e1328bacc0966486ef322c0d086
.exe windows:6 windows x64 arch:x64

49403c7fa5940d83b3c1972c644d5f4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
HeapSize
GetCurrentProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
ExitProcess
GetModuleHandleA

user32

UpdateLayeredWindow
AnimateWindow
ShowWindow
GetClassInfoExA
CallWindowProcA
DefWindowProcA
DrawCaption
GetMouseMovePointsEx
ToUnicodeEx
SetLayeredWindowAttributes
ShowWindowAsync
GetWindowPlacement
DeferWindowPos
GetClipboardSequenceNumber
GetClipboardViewer
EmptyClipboard
IsClipboardFormatAvailable
GetPriorityClipboardFormat
GetOpenClipboardWindow
CharToOemBuffA
CharNextExA
CharPrevExA
IsCharAlphaNumericA
GetAltTabInfoA
RealGetWindowClassA
GetComboBoxInfo
GetWindowModuleFileNameA
ChangeDisplaySettingsExA
TileWindows
DlgDirSelectExA
GetIconInfo
DrawIconEx
CheckMenuRadioItem
IsGUIThread
GetParent
GetClassLongA
SetClassWord
SetWindowLongA
PtInRect
SubtractRect
SetRect
SetSysColors
MapWindowPoints
ScreenToClient
SetCaretBlinkTime
SetCursorPos
MessageBoxIndirectA
AdjustWindowRect
EnumPropsExA
ShowScrollBar
ScrollWindow
LockWindowUpdate
ValidateRgn
InvalidateRgn
GetWindowRgnBox
GetWindowDC
GetDC
WindowFromDC
PaintDesktop
MenuItemFromPoint
SetMenuDefaultItem
SetMenuItemInfoA
TrackPopupMenu
ModifyMenuA
GetMenuItemID
GetSubMenu
GetMenuStringA
IsWindowEnabled
EnableWindow
IsWindowUnicode
GetCapture
VkKeyScanA
ToAscii
GetKeyboardState
GetKeyState
GetActiveWindow

winspool.drv

ResetPrinterA
SetJobA
EnumJobsA
SetPrinterA
GetPrinterA
WritePrinter
FlushPrinter
AbortPrinter
ReadPrinter
GetPrinterDataA
ConnectToPrinterDlg
ConfigurePortA
GetPrinterDataExA
EnumPrinterDataA
EnumPrinterDataExA
EnumPrinterKeyA
SetPrinterDataA
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
GetFormA
SetPortA

comdlg32

ChooseColorA
FindTextA
ReplaceTextA
GetOpenFileNameA
PrintDlgA
PrintDlgExA
CommDlgExtendedError
PageSetupDlgA
ChooseFontA
GetFileTitleA
GetSaveFileNameA

advapi32

DecryptFileA

shell32

ShellExecuteExA
ord716
SHPathPrepareForWriteA
SHBindToParent
ord176
ord47
SHGetDataFromIDListA
SHGetInstanceExplorer
ord645
ord644
DragQueryFileA
DragQueryPoint
DragFinish
DragAcceptFiles
ShellExecuteA
ShellAboutA
DuplicateIcon
ExtractIconExA
SHFileOperationA
ord4
SHGetFileInfoA
SHGetDiskFreeSpaceExA
ord179
SHSetLocalizedName
ord727
SHGetIconOverlayIndexA
ord19
ord25
ord155
ord153
ord152
ord24
ord21
ord23
ord27
ord189
SHBrowseForFolderA
SHGetDesktopFolder
SHChangeNotify
ord191
ord2

dxgi

CreateDXGIFactory

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49403c7fa5940d83b3c1972c644d5f4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

comdlg32

advapi32

shell32

dxgi

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 20KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 20KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB