a76437b548e60890ed932dc65acf979643d0cca5a6ebcc846692a1d1211a733d

Sharing

Copy URL Twitter E-mail

General

Target

a76437b548e60890ed932dc65acf979643d0cca5a6ebcc846692a1d1211a733d
Size

3.4MB
MD5

3eb8373c7e70b1fca6404b532ad88bd5
SHA1

97f4c1ad0203b01a462eed65d4ad3dab7a87ce31
SHA256

a76437b548e60890ed932dc65acf979643d0cca5a6ebcc846692a1d1211a733d
SHA512

38f230ba1a0df126d6e1649f08bcd26c89d124e46437bb9df5a133e5165734d2ec92937589e74b06e988863cf64c05d7bed7f5c881ca97e374414bbe9015ebe3
SSDEEP

98304:a2W3TEOt+7o4CwXBTZndAwKsanp9QLG/OWtmEFb:iEO7sBBdAZGwtxd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a76437b548e60890ed932dc65acf979643d0cca5a6ebcc846692a1d1211a733d

Files

a76437b548e60890ed932dc65acf979643d0cca5a6ebcc846692a1d1211a733d
.exe windows x86

cf015454fd4e1581bd84954caba7449e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
GetLocalTime
SystemTimeToFileTime
GetTempPathA
GetDiskFreeSpaceA
GetACP
GetUserDefaultUILanguage
IsBadReadPtr
GetComputerNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemInfo
SetLastError
GetExitCodeThread
DuplicateHandle
GetProcessHeap
HeapAlloc
TerminateProcess
CompareStringA
GetLocaleInfoW
HeapFree
GetModuleHandleA
GetModuleFileNameA
SetThreadPriority
SetPriorityClass
GetCurrentThread
IsValidLocale
VirtualQuery
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentThreadId
SetConsoleCtrlHandler
OpenEventA
GetConsoleCP
GetStringTypeW
GetStringTypeA
HeapSize
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleW
VirtualFree
HeapDestroy
HeapCreate
SetEvent
GetCurrentDirectoryA
GetTickCount
GetCurrentProcess
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
LockFile
UnlockFile
IsBadStringPtrW
IsBadStringPtrA
DeviceIoControl
VirtualProtect
FlushInstructionCache
GetDriveTypeA
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
GetFileTime
GetFileSize
SetEndOfFile
FlushFileBuffers
GetCurrentProcessId
SetFilePointer
ReadFile
WriteFile
GetSystemTimeAsFileTime
GetVersion
EnumSystemLocalesA
GetVersionExA
IsBadWritePtr
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
TlsFree
LocalFree
TlsGetValue
TlsSetValue
LocalAlloc
ExitProcess
TlsAlloc
GetFileAttributesA
GetFullPathNameA
SetCurrentDirectoryA
FileTimeToSystemTime
GetTimeZoneInformation
GetSystemTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLastError
GetPrivateProfileSectionA
WritePrivateProfileSectionA
AreFileApisANSI
LoadLibraryA
GetEnvironmentVariableA
CloseHandle
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetProfileStringA
GetStdHandle
GetConsoleMode
Sleep
WaitForSingleObject
OpenProcess
GetExitCodeProcess
CreateEventA
WaitForMultipleObjects
DeleteFileA
SetFileTime
CreateFileA

user32

CharLowerBuffA
CharUpperBuffA
DrawMenuBar
AppendMenuA
GetSystemMenu
GetSystemMetrics
CallMsgFilterA
TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
MessageBoxA
LoadStringA

advapi32

RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
QueryServiceConfigA
StartServiceA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegDeleteValueA
RegFlushKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

ShellExecuteExA

wsock32

accept
gethostbyaddr
gethostname
ioctlsocket
WSAStartup
gethostbyname
WSACleanup
getpeername
getsockopt
WSAGetLastError
recv
__WSAFDIsSet
select
closesocket
shutdown
send
connect
inet_ntoa
setsockopt
socket
inet_addr
bind
recvfrom
sendto
htons

Sections

__wibu00
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu02
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu03
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu04
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu05
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu06
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu07
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu08
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu09
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf015454fd4e1581bd84954caba7449e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

wsock32

Sections

__wibu00 Size: 1.2MB - Virtual size: 1.2MB

__wibu01 Size: 15KB - Virtual size: 15KB

__wibu02 Size: - Virtual size: 3KB

__wibu03 Size: 11KB - Virtual size: 11KB

__wibu04 Size: - Virtual size: 16B

__wibu05 Size: 512B - Virtual size: 24B

__wibu06 Size: 93KB - Virtual size: 93KB

.rsrc Size: 735KB - Virtual size: 735KB

__wibu07 Size: 1.3MB - Virtual size: 1.3MB

__wibu08 Size: 32KB - Virtual size: 48KB

__wibu09 Size: 60KB - Virtual size: 64KB

__wibu00
Size: 1.2MB - Virtual size: 1.2MB

__wibu01
Size: 15KB - Virtual size: 15KB

__wibu02
Size: - Virtual size: 3KB

__wibu03
Size: 11KB - Virtual size: 11KB

__wibu04
Size: - Virtual size: 16B

__wibu05
Size: 512B - Virtual size: 24B

__wibu06
Size: 93KB - Virtual size: 93KB

.rsrc
Size: 735KB - Virtual size: 735KB

__wibu07
Size: 1.3MB - Virtual size: 1.3MB

__wibu08
Size: 32KB - Virtual size: 48KB

__wibu09
Size: 60KB - Virtual size: 64KB