208d26c07914e54a5f1575d3720effb6b04cded65942a500d000bef2ce4e5843

Sharing

Copy URL Twitter E-mail

General

Target

208d26c07914e54a5f1575d3720effb6b04cded65942a500d000bef2ce4e5843
Size

805KB
MD5

3309d84258422899f477413d0eaade07
SHA1

f9b0da75c2a8367adb42ef6ec015e0c47f822f8f
SHA256

208d26c07914e54a5f1575d3720effb6b04cded65942a500d000bef2ce4e5843
SHA512

c6286f5de8d070a28f3754c5c2589dd292efe6c884ea37ba4ebeebc5df73f4e02cde21395d93b368aa0c19b9ca644b5a6ed50bb53807c639ac78a45936491342
SSDEEP

24576:HqVWGfOnlNUwmWiVYj1tMbDCb44BvoiKzuz:x4vVYEbDCR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
208d26c07914e54a5f1575d3720effb6b04cded65942a500d000bef2ce4e5843

Files

208d26c07914e54a5f1575d3720effb6b04cded65942a500d000bef2ce4e5843
.exe windows x86

d4fb7cd0630a674fd5b66b0eb36a067f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libadns-1

adns_finish
adns_init
adns_synchronous

libassuan-0

assuan_accept
assuan_close_input_fd
assuan_close_output_fd
assuan_command_parse_fd
assuan_fdopen
assuan_get_input_fd
assuan_get_output_fd
assuan_get_pointer
assuan_init_pipe_server
assuan_new
assuan_pipe_connect
assuan_process
assuan_register_command
assuan_register_input_notify
assuan_register_option_handler
assuan_register_output_notify
assuan_register_reset_notify
assuan_release
assuan_send_data
assuan_set_error
assuan_set_gpg_err_source
assuan_set_hello_line
assuan_set_log_stream
assuan_set_malloc_hooks
assuan_set_pointer
assuan_sock_close
assuan_socket_connect
assuan_transact

libgcrypt-20

gcry_calloc
gcry_check_version
gcry_cipher_algo_info
gcry_cipher_algo_name
gcry_cipher_close
gcry_cipher_ctl
gcry_cipher_decrypt
gcry_cipher_encrypt
gcry_cipher_get_algo_blklen
gcry_cipher_get_algo_keylen
gcry_cipher_map_name
gcry_cipher_open
gcry_cipher_setiv
gcry_cipher_setkey
gcry_control
gcry_create_nonce
gcry_free
gcry_is_secure
gcry_malloc
gcry_malloc_secure
gcry_md_algo_info
gcry_md_algo_name
gcry_md_close
gcry_md_copy
gcry_md_ctl
gcry_md_debug
gcry_md_enable
gcry_md_get_algo
gcry_md_get_algo_dlen
gcry_md_hash_buffer
gcry_md_is_enabled
gcry_md_is_secure
gcry_md_map_name
gcry_md_open
gcry_md_read
gcry_md_reset
gcry_md_write
gcry_mpi_aprint
gcry_mpi_cmp
gcry_mpi_copy
gcry_mpi_get_flag
gcry_mpi_get_nbits
gcry_mpi_get_opaque
gcry_mpi_new
gcry_mpi_print
gcry_mpi_release
gcry_mpi_scan
gcry_mpi_set_opaque
gcry_pk_algo_info
gcry_pk_algo_name
gcry_pk_ctl
gcry_pk_decrypt
gcry_pk_encrypt
gcry_pk_genkey
gcry_pk_get_nbits
gcry_pk_map_name
gcry_pk_sign
gcry_pk_testkey
gcry_pk_verify
gcry_random_bytes
gcry_random_bytes_secure
gcry_randomize
gcry_realloc
gcry_set_fatalerror_handler
gcry_set_log_handler
gcry_set_outofcore_handler
gcry_set_progress_handler
gcry_sexp_build
gcry_sexp_cadr
gcry_sexp_find_token
gcry_sexp_nth_mpi
gcry_sexp_release
gcry_strdup
gcry_xcalloc
gcry_xcalloc_secure
gcry_xmalloc
gcry_xmalloc_secure
gcry_xrealloc
gcry_xstrdup

libgpg-error-0

gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_set_errno
gpg_strerror

libiconv-2

libiconv
libiconv_close
libiconv_open

zlib1

deflate
deflateEnd
deflateInit2_
deflateInit_
inflate
inflateEnd
inflateInit2_
inflateInit_

advapi32

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreatePipe
CreateProcessA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetACP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetFileInformationByHandle
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPriorityClass
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadConsoleA
ReadFile
ReleaseMutex
ResumeThread
SetConsoleMode
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnlockFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

msvcrt

_access
_close
_dup
_fdopen
_fileno
_getpid
_isatty
_mkdir
_open
_putenv
_read
_rmdir
_setmode
_tzset
_umask
_unlink
_write
__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_fmode
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_stricmp
_strnicmp
_unlock
_winmajor
_write
abort
atoi
calloc
clearerr
exit
fclose
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
gmtime
iscntrl
isgraph
isspace
isxdigit
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
printf
putc
putchar
puts
qsort
raise
rand
realloc
remove
rename
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
time
toupper
ungetc
vfprintf

user32

AllowSetForegroundWindow
MessageBoxA

ws2_32

WSAGetLastError
WSAStartup
closesocket
recv
send

Sections

.text
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4fb7cd0630a674fd5b66b0eb36a067f

Headers

File Characteristics

Imports

libadns-1

libassuan-0

libgcrypt-20

libgpg-error-0

libiconv-2

zlib1

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 654KB - Virtual size: 653KB

.data Size: 11KB - Virtual size: 11KB

.rdata Size: 116KB - Virtual size: 115KB

.bss Size: - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 654KB - Virtual size: 653KB

.data
Size: 11KB - Virtual size: 11KB

.rdata
Size: 116KB - Virtual size: 115KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 12KB - Virtual size: 11KB