445d46fc1062b208c0a0706a328c51f932f6f05a035da1822e89a6384a11bb54

Sharing

Copy URL Twitter E-mail

General

Target

445d46fc1062b208c0a0706a328c51f932f6f05a035da1822e89a6384a11bb54
Size

2.0MB
MD5

81ae88ae57a4faa665006e5a56b67ee3
SHA1

70cc2f2115f97760d56294ffb6699c203ea61704
SHA256

445d46fc1062b208c0a0706a328c51f932f6f05a035da1822e89a6384a11bb54
SHA512

1cff5416b6b94c53df3928ba4dcfa285dd3dfd8d1822327d77e22d356418b0a0e53d178749d6b3891854146bf83d0c12e632efc7216a1092e7e1c980b71911b8
SSDEEP

49152:fvFHHf9rweMSSw34R0PvFSNBSQYdTpTgDAuV2/oqd:fvnzMdW51SLSQU5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
445d46fc1062b208c0a0706a328c51f932f6f05a035da1822e89a6384a11bb54

Files

445d46fc1062b208c0a0706a328c51f932f6f05a035da1822e89a6384a11bb54
.exe windows:5 windows x86 arch:x86

3af018a35725886d471940351b30d3e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
WaitForSingleObject
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
lstrcpyW
FileTimeToDosDateTime
GetCurrentProcess
SetEndOfFile
GetLocalTime
GetFileType
GetFileInformationByHandle
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
CreateFileMappingA
GlobalMemoryStatusEx
GetSystemWow64DirectoryA
GetUserDefaultLocaleName
GetComputerNameA
GetFileAttributesExA
lstrcpyA
DeleteFileA
CloseHandle
GetCurrentDirectoryA
FindNextFileA
FindClose
GlobalFree
CopyFileA
GetLastError
FindFirstFileA
SetCurrentDirectoryA
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
CreateDirectoryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
SetStdHandle
GetConsoleMode
GetConsoleCP
GetModuleHandleA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetTimeZoneInformation
GetModuleFileNameA
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDriveTypeA
FileTimeToLocalFileTime
lstrcatA
ReadFile
GlobalAlloc
WriteFile
lstrlenA
lstrcmpA
GetFileSize
CreateFileA
RemoveDirectoryA
FileTimeToSystemTime
ExitProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
FindFirstFileW
FindNextFileW
GetModuleHandleW
GetVersion
GetStdHandle
InitializeCriticalSectionAndSpinCount
TlsAlloc
SetLastError
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchangeAdd
GetModuleHandleExW

user32

wsprintfW
IsCharUpperA
GetDC
ReleaseDC
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
EnumDisplayDevicesA
wsprintfA

gdi32

BitBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
RegQueryValueExA
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetUserNameA
GetCurrentHwProfileA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
CryptCreateHash

shell32

SHGetFolderPathA
ShellExecuteA
SHFileOperationA

ole32

CreateStreamOnHGlobal

ws2_32

WSASetLastError
shutdown
send
connect
recv
closesocket
setsockopt
socket
ioctlsocket
WSACleanup
WSAStartup
getsockopt
WSAGetLastError
getaddrinfo
getnameinfo
ntohs
freeaddrinfo

shlwapi

PathFindNextComponentA
StrStrA
StrChrA
PathIsDirectoryEmptyA
PathAppendA
StrRChrA
PathCombineA
PathIsDirectoryA
PathFileExistsA

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown

crypt32

CryptStringToBinaryA
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CryptUnprotectData

urlmon

URLDownloadToFileA

wininet

HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3af018a35725886d471940351b30d3e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

gdiplus

crypt32

urlmon

wininet

wtsapi32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 450KB - Virtual size: 450KB

.data Size: 14KB - Virtual size: 40KB

.reloc Size: 81KB - Virtual size: 81KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 450KB - Virtual size: 450KB

.data
Size: 14KB - Virtual size: 40KB

.reloc
Size: 81KB - Virtual size: 81KB