d28e15885342f2c64549bd595bd85f00N

Sharing

Copy URL Twitter E-mail

General

Target

d28e15885342f2c64549bd595bd85f00N
Size

692KB
MD5

d28e15885342f2c64549bd595bd85f00
SHA1

c3b73d18b687f6080abba045841c09e48c338431
SHA256

e0a8b708c2713d1000b11ea1b23651ba6c329a2def8af44665e6293381447b99
SHA512

658cd695d5654dc0a010a7f59ee4f5ef2a2cd54c70044bfd591f774d31cdcbef076c2bfde11298d023a91aa5042cfc7923704770fa8abdc210b390f1b3fb87b2
SSDEEP

12288:/FOYHGAvV40kfLlpgWDQKDabq2yWqIpkaLbM4K17ujCkAemBbZ692vTqsRTS4dX4:IYHGAva0iLnxDQ6ab5ygppLbxKtuD2Bq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d28e15885342f2c64549bd595bd85f00N

Files

d28e15885342f2c64549bd595bd85f00N
.exe windows:6 windows x86 arch:x86

660b587f557da48c29bdacdf5e783730

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfW
wvnsprintfA
StrToInt64ExA
PathCombineW

kernel32

GetModuleFileNameW
CreateMutexW
GetLocaleInfoA
CreateEventW
GetTimeZoneInformation
GetLastError
LockResource
CloseHandle
GetSystemInfo
LoadResource
FindResourceW
GetLocalTime
GetCurrentDirectoryW
ExitProcess
GetComputerNameW
GlobalMemoryStatusEx
CreateProcessW
GetTickCount
ReadFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
WriteFile
FindClose
CreateFileW
GetFileAttributesW
SetFilePointerEx
GetFileSize
GetTempFileNameW
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetVolumeInformationW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetUserDefaultLangID
GetFullPathNameA
SetEndOfFile
UnlockFileEx
WaitForSingleObject
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
GetFileInformationByHandle
FileTimeToSystemTime
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleA
LocalFree
GetTempPathW
GlobalUnlock
CopyFileW
GlobalLock
DeleteFileW
GetConsoleMode
DecodePointer
WriteConsoleW
SetFilePointer
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetCurrentThread
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
GetStdHandle
GetFileType
CompareStringW
LCMapStringW
FindFirstFileExW

user32

EnumDisplayDevicesW
GetKeyboardLayoutList
GetSystemMetrics

advapi32

CryptGetHashParam
CredEnumerateW
CredFree
OpenProcessToken
GetUserNameW
GetTokenInformation
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptImportKey
CryptReleaseContext

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
GetHGlobalFromStream

Sections

.text
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

660b587f557da48c29bdacdf5e783730

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

Sections

.text Size: 555KB - Virtual size: 554KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 11KB - Virtual size: 446KB

.rsrc Size: 1024B - Virtual size: 608B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 555KB - Virtual size: 554KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 11KB - Virtual size: 446KB

.rsrc
Size: 1024B - Virtual size: 608B

.reloc
Size: 20KB - Virtual size: 20KB