6aa8debd8399e0d325800eaab58bfacd2af98d3f68fad32842adee4d259d524f

Sharing

Copy URL Twitter E-mail

General

Target

6aa8debd8399e0d325800eaab58bfacd2af98d3f68fad32842adee4d259d524f
Size

47KB
MD5

b634284c4554b61bd73b335acdcc5048
SHA1

a52cb5ba7d33ed6926ee0d38d8c280237d8a0a18
SHA256

6aa8debd8399e0d325800eaab58bfacd2af98d3f68fad32842adee4d259d524f
SHA512

5e2c940d076f7e1ac17b6f6d49e8c8273d723deca74bf46bd982fa6c5cf41efd8f0fac053b57b20c9dd8c2f20e7bb0ff18a9865cafc5801c06dfb2a0a5ce43c8
SSDEEP

768:PRSzU/4gs2qn3rKxv3naICMTo/TLLkWYRJdqbrIT4N3:f9LqKZ3naICMTo/P3YRJdqbBh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6aa8debd8399e0d325800eaab58bfacd2af98d3f68fad32842adee4d259d524f

Files

6aa8debd8399e0d325800eaab58bfacd2af98d3f68fad32842adee4d259d524f
.dll windows x64

78965c1cdd5b3148c7f584d063d3fe7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetEnvironmentVariableA
CreatePipe
WriteFile
CreateFileA
GetLocalTime
GetCurrentProcessId
GetDriveTypeA
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
lstrcpyA
SetFilePointer
GetFileSize
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
OpenProcess
SetLastError
CreateProcessA
SetEvent
ResetEvent
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleA
GetCurrentProcess
CreateEventA
ReleaseMutex
CreateMutexA
SetErrorMode
GetLocaleInfoA
GetComputerNameA
GetTickCount
GetSystemDirectoryA
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
PeekNamedPipe
ReadFile
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
GetLastError
lstrcatA
lstrlenA
Sleep
CreateThread
__C_specific_handler
CloseHandle

user32

wsprintfA
GetLastInputInfo

advapi32

DeleteService
RegSetValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenServiceA
OpenSCManagerA
CloseServiceHandle

msvcrt

atoi
_initterm
strncpy
time
srand
rand
rename
free
malloc
memcpy
sprintf
strstr
memset
_strupr

ws2_32

inet_ntoa
WSAStartup
ioctlsocket
WSACleanup
shutdown
select
gethostbyname
htons
socket
setsockopt
connect
send
recv
closesocket
WSAGetLastError
gethostname

psapi

GetModuleFileNameExA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78965c1cdd5b3148c7f584d063d3fe7f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

psapi

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 3.9MB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 3.9MB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 72B