Backdoor[.]Win32[.]IRCNite[.]ihg5616c57686191e6c65808ffe8a436e8d1476b1f6c0765efdb887498b86d4d446

General

Target

Backdoor.Win32.IRCNite.ihg5616c57686191e6c65808ffe8a436e8d1476b1f6c0765efdb887498b86d4d446
Size

112KB
MD5

438c80fc376c0e3d3379ffec5a3bcd74
SHA1

6da1a89fbe0df57349bbc670af8f82deecb510b9
SHA256

5616c57686191e6c65808ffe8a436e8d1476b1f6c0765efdb887498b86d4d446
SHA512

87b6bbfd988ce9d398d2d5ac2c75c02b040760120bf0d276dd790adb0497fb330f4f98c76afed8ed3ff6e6541d9442bf0c4ee52c236f43cb601dce7042fcc56f
SSDEEP

1536:jJg+WBW+f5bB77w0DSnVZsGw+14IUTGReGpBM9FTLPfpXwvdJic5a5a5n:jhLYZB77w0AZsGYIJVpEtjBpB5in

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Backdoor.Win32.IRCNite.ihg5616c57686191e6c65808ffe8a436e8d1476b1f6c0765efdb887498b86d4d446

Files

Backdoor.Win32.IRCNite.ihg5616c57686191e6c65808ffe8a436e8d1476b1f6c0765efdb887498b86d4d446
.exe windows x86

1fef54acc8759880603c2c6d3feb9743

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsprop

CrackName
ErrMsg
ErrMsgParam

uxtheme

GetThemeFont
SetWindowTheme
GetThemeTextMetrics
GetThemeTextExtent
GetThemeInt
GetThemeSysSize
GetThemeIntList
DrawThemeEdge
GetCurrentThemeName
GetThemeColor
GetThemeEnumValue
IsAppThemed
GetWindowTheme
GetThemeSysBool

shlwapi

UrlIsOpaqueA
PathIsRootA
UrlEscapeW
UrlIsA
UrlGetLocationW
UrlUnescapeA
UrlCanonicalizeA
UrlHashW
UrlIsNoHistoryA
UrlCreateFromPathW
PathCompactPathA
UrlGetPartA
PathCombineA

kernel32

GetAtomNameW
GetStartupInfoW
CreateHardLinkA
CreateEventA
GetDiskFreeSpaceW
GetProfileIntW
GetConsoleAliasW
SetComputerNameW
GetProcAddress
OpenWaitableTimerW
DecodePointer
OpenFileMappingW
SetComputerNameA
CreateProcessA
OpenJobObjectW
GetCommandLineW
GetModuleHandleA
SetEnvironmentVariableA
InterlockedIncrement
WaitNamedPipeA
WaitForSingleObject

crypt32

CertFindExtension
CertDeleteCRLFromStore
CertFindCRLInStore
CryptFindOIDInfo
CryptMemRealloc
CertNameToStrW
CertAlgIdToOID
CertDuplicateCRLContext
CryptMemFree
CertFindAttribute
CertDuplicateStore
CryptMsgClose

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fef54acc8759880603c2c6d3feb9743

Headers

File Characteristics

Imports

dsprop

uxtheme

shlwapi

kernel32

crypt32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 128KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 128KB

.rsrc
Size: 98KB - Virtual size: 98KB