e03bc507717826806dd943bda589ed1b52d12dafc2d85ad9eefb7033e3428bfe

Sharing

Copy URL

Twitter E-mail

General

Target

e03bc507717826806dd943bda589ed1b52d12dafc2d85ad9eefb7033e3428bfe
Size

1.2MB
MD5

73e11cce1fef90f0ae7c5368586b17a4
SHA1

a452f44ef1304f87b8507e01cdf31f12969dfa47
SHA256

e03bc507717826806dd943bda589ed1b52d12dafc2d85ad9eefb7033e3428bfe
SHA512

61a546a7b4a8ce7e698556308408e2c89a83ef797af3db5b1558793b810398fce9fe8837932c7561fd094b2a1e2f31a13fa1df850def1eacdc968278fa3eff16
SSDEEP

24576:kLuzeTlbCCN/xnwT445qBNwwwPCBu9o2wwPCBu9ok:ClmCN/aT7cOwwPCBu9o2wwPCBu9o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e03bc507717826806dd943bda589ed1b52d12dafc2d85ad9eefb7033e3428bfe

Files

e03bc507717826806dd943bda589ed1b52d12dafc2d85ad9eefb7033e3428bfe
.exe windows x86

1f67e839dbc25c56cfb330679c550155

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileA
OutputDebugStringW
GetTickCount
GetSystemTimeAsFileTime
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetLastError
SleepEx
GetVersionExA
CloseHandle
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetModuleFileNameW
CreateProcessW
GetCurrentProcessId
GetCurrentDirectoryA
FindFirstFileA
FindClose
OutputDebugStringA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThreadId
FreeLibrary
ExitThread
HeapReAlloc
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
InitializeCriticalSection
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
WriteConsoleW
LoadLibraryW
GetStringTypeW
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapCreate
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
HeapFree
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteFile
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
InterlockedIncrement
LocalAlloc
LocalFree
CreateThread
CreateFileW
InterlockedDecrement
EncodePointer
DecodePointer
RaiseException
RtlUnwind
SetFilePointer

advapi32

CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantCopy
VariantInit
SysAllocStringLen
SysFreeString
VariantClear

ws2_32

listen
accept
recvfrom
sendto
getservbyport
gethostbyaddr
ioctlsocket
htonl
inet_ntoa
gethostbyname
inet_addr
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
gethostname
shutdown
WSACleanup
getservbyname

wldap32

ord143
ord60
ord26
ord211
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord22
ord30
ord50

shlwapi

StrStrIA
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathAppendA

user32

wsprintfA

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f67e839dbc25c56cfb330679c550155

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

wldap32

shlwapi

user32

Sections

.text Size: 403KB - Virtual size: 402KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 11KB - Virtual size: 54KB

.rsrc Size: 729KB - Virtual size: 729KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 403KB - Virtual size: 402KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 11KB - Virtual size: 54KB

.rsrc
Size: 729KB - Virtual size: 729KB

.reloc
Size: 41KB - Virtual size: 40KB