6439884fb90e893df2716831f9f7d03ebb4e4dd7253406119ff4ce19bdc0b975

Sharing

Copy URL Twitter E-mail

General

Target

6439884fb90e893df2716831f9f7d03ebb4e4dd7253406119ff4ce19bdc0b975
Size

2.0MB
MD5

94f515a0329c6aadc78ffd4e35112164
SHA1

2f9d47a9e0074aecf9ebedbe38e3f5f8dd9f67b6
SHA256

6439884fb90e893df2716831f9f7d03ebb4e4dd7253406119ff4ce19bdc0b975
SHA512

58cc009592318a803e965c6fa126622dfdd0b3755067219f234abc32fe67f4b07d1f7eb86788af10e8213c72dd82584f321292d67448ba6c6cd4a4277b999ba6
SSDEEP

49152:nMb4O+9hg2ndfHcd4XZOONN5GkDatlREL:nk9qhg2dfH3XZdNzGMA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6439884fb90e893df2716831f9f7d03ebb4e4dd7253406119ff4ce19bdc0b975

Files

6439884fb90e893df2716831f9f7d03ebb4e4dd7253406119ff4ce19bdc0b975
.exe windows x86

db2b6cd08b3d2197485751512ed2b27f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileTime
SetFileTime
SetEndOfFile
ReadFile
GetFileSize
CreateFileW
LoadLibraryA
GetVersionExA
MoveFileA
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
CreateDirectoryA
DeleteFileA
DeleteFileW
GetModuleFileNameW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
GetComputerNameW
GetOEMCP
CompareStringW
WriteConsoleW
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetEnvironmentVariableA
GetUserDefaultLCID
HeapSize
GetLocaleInfoW
SetStdHandle
GetStringTypeW
IsValidCodePage
GetCurrentProcessId
QueryPerformanceCounter
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetACP
GetTickCount
GetLastError
CreateThread
GetLocalTime
GetSystemTime
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrcpyA
GetTempPathA
CloseHandle
FindNextFileA
GetModuleFileNameA
FindClose
SetFileAttributesA
GetProcAddress
GetLogicalDriveStringsA
FindFirstFileA
GetShortPathNameA
lstrcatA
CreateProcessA
Sleep
GetDriveTypeA
WriteFile
GetCurrentProcess
CreateFileA
GetFullPathNameA
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
HeapFree
GetCommandLineA
HeapSetInformation
RtlUnwind
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeZoneInformation
HeapAlloc
GetProcessHeap
RaiseException
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
ExitProcess
GetConsoleCP
GetConsoleMode

advapi32

RegOpenKeyExA
RegCreateKeyExA
GetUserNameA
RegCloseKey
CryptAcquireContextA
CryptAcquireContextW
CryptSignHashA
CryptDestroyHash
CryptSetHashParam
CryptCreateHash
RegQueryValueExA
CryptReleaseContext
CryptGenRandom
CryptEnumProvidersA
CryptGetProvParam
CryptExportKey
CryptDestroyKey
CryptGetUserKey
RegSetValueExA

shell32

ShellExecuteA

ws2_32

listen
connect
socket
accept
gethostbyname
recv
send
shutdown
bind
__WSAFDIsSet
select
closesocket
WSAGetLastError
htons
ntohs
inet_ntoa
ioctlsocket
setsockopt
getsockopt
WSAStartup
getsockname
inet_addr

crypt32

CertGetSubjectCertificateFromStore
CertGetCertificateContextProperty
CryptMsgGetParam
CryptMsgControl
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CertCloseStore
CertOpenStore
CryptEncodeObject
CryptEncryptMessage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertNameToStrW
CryptDecodeObject
CertCreateCertificateContext
CertFreeCertificateContext

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db2b6cd08b3d2197485751512ed2b27f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

crypt32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 491KB - Virtual size: 490KB

.data Size: 76KB - Virtual size: 93KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 111KB - Virtual size: 110KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 491KB - Virtual size: 490KB

.data
Size: 76KB - Virtual size: 93KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 111KB - Virtual size: 110KB