Static task
static1
Behavioral task
behavioral1
Sample
8a533598dc68324532977a4cc42e0b09c3d70ac309d7bcdede2c77c403da564a.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8a533598dc68324532977a4cc42e0b09c3d70ac309d7bcdede2c77c403da564a.exe
Resource
win10v2004-20230220-en
General
-
Target
8a533598dc68324532977a4cc42e0b09c3d70ac309d7bcdede2c77c403da564a
-
Size
694KB
-
MD5
60891c204c666e610ef2d364188aaff8
-
SHA1
5261f5fcfa3f798bcd5a865128ba06883ea49b6f
-
SHA256
8a533598dc68324532977a4cc42e0b09c3d70ac309d7bcdede2c77c403da564a
-
SHA512
df9e2148e6ce0b9ae6884818ea9d42fc2056ae777f628eeebf6d6687ac005564b80a0dd855d6c4d6a1120bba23551854a417208edf7871250593c5667ebcafd1
-
SSDEEP
12288:cvQmj7CAbWDgZshfwHKtTUThc8+HW6f4tL0mk41hXAqH/J02P+GlWSH5a0+DBl:QQe2AVZsh7TUW5HvuF+f
Malware Config (none extracted for this sample)
Signatures
-
Unsigned PE — 1 IoC
The PE carries no Authenticode signature. On its own this is a weak indicator (many benign binaries are unsigned); weigh it together with the network, crypto and persistence-related imports listed below rather than in isolation.
resource 8a533598dc68324532977a4cc42e0b09c3d70ac309d7bcdede2c77c403da564a
Files
-
8a533598dc68324532977a4cc42e0b09c3d70ac309d7bcdede2c77c403da564a.exe — Windows, x86 (32-bit) PE
65b01f349719c0fb5d4ae31b8b3019a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSACleanup
gethostname
WSAGetLastError
setsockopt
sendto
htons
recvfrom
socket
inet_pton
closesocket
recv
inet_ntoa
connect
ntohs
WSAStartup
send
inet_addr
shutdown
gethostbyname
shlwapi
PathFileExistsW
StrStrIW
libcurl
curl_easy_strerror
curl_mime_name
curl_easy_setopt
curl_slist_free_all
curl_mime_type
curl_slist_append
curl_easy_init
curl_global_cleanup
curl_global_init
curl_mime_addpart
curl_easy_getinfo
curl_mime_free
curl_mime_data
curl_mime_filename
curl_mime_init
curl_easy_cleanup
curl_easy_perform
libcrypto-1_1
X509_STORE_add_cert
OPENSSL_sk_num
OPENSSL_sk_value
BIO_free
X509_STORE_add_crl
OPENSSL_sk_pop_free
PEM_X509_INFO_read_bio
BIO_new_mem_buf
X509_INFO_free
libssl-1_1
SSL_CTX_get_cert_store
kernel32
TlsAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
ReadFile
GetFileSizeEx
GetLastError
CloseHandle
lstrlenW
DeleteFileW
GetCommandLineW
SetLastError
WriteFile
SetFilePointer
SetEndOfFile
InitializeCriticalSectionEx
CreateFileW
GetFileInformationByHandle
GetFileAttributesExW
FileTimeToSystemTime
RaiseException
DecodePointer
GetProcAddress
SetFilePointerEx
GetFileSize
DeleteCriticalSection
GetModuleHandleW
FlushFileBuffers
CreateDirectoryW
FindFirstFileW
EnterCriticalSection
FindNextFileW
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetTempPathW
FindClose
WaitForSingleObject
GetCurrentThreadId
CreateEventW
OutputDebugStringW
SetEvent
TerminateThread
GetLocalTime
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
TlsGetValue
ReleaseMutex
GetFullPathNameW
GetModuleFileNameW
WTSGetActiveConsoleSessionId
GetTempFileNameW
OpenMutexW
GetTickCount
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
GetSystemInfo
TerminateProcess
FreeLibrary
SetNamedPipeHandleState
WaitNamedPipeW
GetStringTypeW
TlsSetValue
TlsFree
WriteConsoleW
LoadLibraryExW
SetStdHandle
GetFileType
GetModuleHandleExW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetStdHandle
GetConsoleOutputCP
GetConsoleMode
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
CreateMutexW
GetSystemTimeAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
EncodePointer
QueryPerformanceCounter
advapi32
RegCloseKey
RegOpenKeyExW
SetKernelObjectSecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyExW
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegFlushKey
RegQueryValueExW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord155
SHGetFolderPathW
wtsapi32
WTSQueryUserToken
iphlpapi
GetTcpTable
Sections
.text Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 387KB - Virtual size: 387KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ