debeb0543a3fb5384a0b4285ac1ff66d8953d0af01c4f14275e2df1d70209bfd

Sharing

Copy URL Twitter E-mail

General

Target

debeb0543a3fb5384a0b4285ac1ff66d8953d0af01c4f14275e2df1d70209bfd
Size

697KB
MD5

40e25fc57e131fed5e01a16a543bf369
SHA1

6c0b2a0e4fc8a0e0689e2d516ef7b040cdbd547d
SHA256

debeb0543a3fb5384a0b4285ac1ff66d8953d0af01c4f14275e2df1d70209bfd
SHA512

74c3ba6950f55f0da70ef71909cc1aaf34dcf8304a83599061dfd811fcce3b4f5575f8b92332c98491f1060a2e9cd1b380a03036014d84883f44f2a45d8ff3ea
SSDEEP

12288:U6MceFj2LnCFrPDjAyrN3GeKeuJ1LrzBpEREN7obOgrIqYB3aoj3R1j4cQxwywtk:U61srQyp9ubwREN7obTrIHBKq378cQx7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
debeb0543a3fb5384a0b4285ac1ff66d8953d0af01c4f14275e2df1d70209bfd

Files

debeb0543a3fb5384a0b4285ac1ff66d8953d0af01c4f14275e2df1d70209bfd
.exe windows x86

813cd0ac31698cf1299eaca4c1a6ab4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAGetLastError
recv
WSAStartup
inet_ntoa
gethostname
send
bind
htonl
inet_addr
closesocket
connect
getpeername
getsockname
getsockopt
htons
ioctlsocket
sendto
recvfrom
gethostbyname
ntohs
setsockopt
socket
WSASetLastError
getaddrinfo
freeaddrinfo
__WSAFDIsSet
select
accept
listen

kernel32

ReleaseSemaphore
CreateDirectoryA
GetStdHandle
EnterCriticalSection
GetConsoleScreenBufferInfo
GetModuleFileNameA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetSystemInfo
GetVersionExA
CreateEventA
GetFileAttributesA
InitializeCriticalSection
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrlenA
CreateProcessA
CreateSemaphoreA
OpenFileMappingA
SetEvent
DeleteFileA
CreateMutexA
GetLastError
CreateThread
FindFirstFileExW
FindClose
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
WaitForSingleObject
SetConsoleTextAttribute
MultiByteToWideChar
WideCharToMultiByte
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
LeaveCriticalSection
ExitProcess
Sleep
GetFullPathNameW
CreateFileA
SetUnhandledExceptionFilter
ResumeThread
VirtualAllocEx
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointer
CreateToolhelp32Snapshot
GetModuleHandleA
lstrcmpiW
Process32NextW
Process32FirstW
GetSystemDirectoryA
GetVersionExW
OpenProcess
GetFileSize
CreateFileMappingW
GetCommandLineA
LoadLibraryExA
SetFileAttributesA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
LoadLibraryA
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
SleepEx
EncodePointer
DecodePointer
GetStringTypeW
HeapFree
ReadFile
HeapAlloc
ExitThread
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
AreFileApisANSI
GetCommandLineW
RaiseException
RtlUnwind
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetProcessHeap
HeapSize
WriteFile
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
SetFilePointerEx
ReadConsoleW
GetFileType
GetTimeZoneInformation
GetModuleFileNameW
FlushFileBuffers
DeleteFileW
FreeLibrary
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEndOfFile
SetEnvironmentVariableA

user32

DispatchMessageA
TranslateMessage
GetSystemMetrics
wsprintfA
LoadIconA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA

advapi32

CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
CryptCreateHash

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitializeEx

shlwapi

PathIsDirectoryA

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

wldap32

ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

shell32

ShellExecuteA

oleaut32

SafeArrayGetLBound
SysFreeString
SafeArrayGetUBound
SafeArrayGetDim
VariantInit
VariantClear
SafeArrayGetElement
SysAllocString

Sections

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

813cd0ac31698cf1299eaca4c1a6ab4f

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

shlwapi

iphlpapi

wldap32

shell32

oleaut32

Sections

.text Size: 548KB - Virtual size: 548KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 20KB - Virtual size: 33KB

.tls Size: 512B - Virtual size: 53B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 548KB - Virtual size: 548KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 20KB - Virtual size: 33KB

.tls
Size: 512B - Virtual size: 53B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB