e5ea2f5c26c5f9b9832614479debd6c7c69b7f213360a16521d884c9cfeba02f

Sharing

Copy URL

Twitter E-mail

General

Target

e5ea2f5c26c5f9b9832614479debd6c7c69b7f213360a16521d884c9cfeba02f
Size

202KB
MD5

920ae592524df585ba6457a0a22feae2
SHA1

d1ad9c36a22a49d92e92e3f92c875a46c028bae1
SHA256

e5ea2f5c26c5f9b9832614479debd6c7c69b7f213360a16521d884c9cfeba02f
SHA512

66b5c5cfa8b0cbae19371cca64a74355a74878338ae4f56b351bffc9a2909473ced42483b49c2eca4c7bbbb26b071a5c9d0ce5c7a5687463c80fdedbaec9db2e
SSDEEP

3072:28nh2Hrp3Tlp+soN3BY2ZBHetwcyf1w5DYRZPQaQrhu8ihDNugrBVgc8gbmT2Pcs:nnw9lEs3hhyaubQTkhbrBVL8gbmT2Pcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5ea2f5c26c5f9b9832614479debd6c7c69b7f213360a16521d884c9cfeba02f

Files

e5ea2f5c26c5f9b9832614479debd6c7c69b7f213360a16521d884c9cfeba02f
.exe windows:3 windows x86 arch:x86

19369dbaf9a929d28a39d7c43e1ec6f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreA
CloseHandle
GetModuleHandleA
GetTempFileNameA
lstrcmpW
GetComputerNameA
EnumDateFormatsA
GetWindowsDirectoryW
lstrcmp
EnumDateFormatsW
OpenEventA
TlsAlloc
GetVolumeInformationA
GetDateFormatA
DeleteAtom
CreateThread
GetSystemDirectoryA
GetNumberFormatW
GetCurrentDirectoryA
CompareStringW
CreateDirectoryW
SetLocaleInfoA
RemoveDirectoryW
CreateMutexA
GetFileType
FileTimeToDosDateTime
CreateEventW
GetLogicalDriveStringsW
GetLocaleInfoA
LoadLibraryA
GetDateFormatW
GetCalendarInfoW
GetProcAddress
CreatePipe
FindResourceW
lstrcmpi
ExitProcess
EnumTimeFormatsW
GetSystemDefaultLCID
IsBadStringPtrA
CreateMutexW
CompareFileTime
EndUpdateResourceA
lstrcpyA

user32

CopyImage
EnumDesktopsA
MessageBoxIndirectA
CharUpperA
RegisterClassExA
GetParent
UpdateLayeredWindow
MonitorFromPoint
MessageBoxIndirectW
DefFrameProcA
GetWindowTextLengthA
GetWindowTextW
DefFrameProcW
DestroyIcon
CreateDesktopA
AnimateWindow
FillRect
EnableMenuItem
GetClassNameA
SetCursor
GetClassInfoExW
DialogBoxIndirectParamW
IsWindow
MoveWindow
InvalidateRect
IsDlgButtonChecked
CascadeWindows
PostQuitMessage
GetCapture
LoadBitmapA
mouse_event
SetWindowTextA
GetCursorPos
GetDC
GetMenuStringA
GetScrollPos
ChildWindowFromPoint
CloseWindow
GetMenu
EnumClipboardFormats
GetSystemMetrics
DialogBoxParamA
CharPrevA

gdi32

CreateDCW
GetWorldTransform
GetEnhMetaFilePixelFormat
GetKerningPairsA
GetMetaFileA
BeginPath
DeleteObject
PlayEnhMetaFile
Polygon
SetTextColor
EnumObjects
RoundRect
GetOutlineTextMetricsW
TextOutA
CreateBitmap
SetPixelV
GetDCBrushColor
GetPaletteEntries
GetDeviceGammaRamp
StartDocW
GetRandomRgn
SetICMProfileA
PatBlt
AbortPath
GetSystemPaletteUse
SetPaletteEntries
AddFontResourceW
GetCharABCWidthsW
SetWindowExtEx

advapi32

RegCreateKeyExA
RegQueryValueW
CryptSetProviderA
RegEnumValueW
RegCreateKeyW
RegCreateKeyA
RegCloseKey
RegSetValueA
RegOpenKeyW
RegQueryValueExW
RegFlushKey
RegEnumKeyExW
RegRestoreKeyA
RegCreateKeyExW

shell32

ExtractIconExW

ws2_32

WSARecvDisconnect
WSAAccept
getprotobyname
getpeername
WSAEnumProtocolsW
send
gethostname

wininet

FtpSetCurrentDirectoryW
CreateUrlCacheEntryA
CreateUrlCacheGroup
FindFirstUrlCacheEntryExW
LoadUrlCacheContent
RetrieveUrlCacheEntryFileW
HttpQueryInfoA
InternetSetOptionExW
PrivacySetZonePreferenceW
InternetFindNextFileA
InternetConfirmZoneCrossingA

urlmon

HlinkNavigateMoniker

winmm

midiOutGetID
mciSetYieldProc
waveOutPrepareHeader
waveOutReset
mmTaskYield
waveOutUnprepareHeader
waveOutBreakLoop

winspool.drv

AddPrinterDriverExW
EnumPrintProcessorDatatypesW
PrinterProperties
DeletePrintProvidorA
AddPortExW
DeletePrinterConnectionW
EnumPrintProcessorsA

wsock32

ntohs
gethostbyname
GetNameByTypeW
socket
getsockname
connect
GetAddressByNameA

Sections

.i
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZeqOPv
Size: 125KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TIXjL
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19369dbaf9a929d28a39d7c43e1ec6f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wininet

urlmon

winmm

winspool.drv

wsock32

Sections

.i Size: 17KB - Virtual size: 17KB

.rdata Size: 5KB - Virtual size: 4KB

.ZeqOPv Size: 125KB - Virtual size: 249KB

.data Size: 4KB - Virtual size: 9KB

.TIXjL Size: 3KB - Virtual size: 28KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 512B - Virtual size: 4KB

.i
Size: 17KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 4KB

.ZeqOPv
Size: 125KB - Virtual size: 249KB

.data
Size: 4KB - Virtual size: 9KB

.TIXjL
Size: 3KB - Virtual size: 28KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 512B - Virtual size: 4KB