Static task
static1
Behavioral task
behavioral1
Sample
Unc4191bggjiiabbh4_browsingExe.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Unc4191bggjiiabbh4_browsingExe.exe
Resource
win10v2004-20230703-en
General
-
Target
Unc4191bggjiiabbh4_browsingExe.exe
-
Size
163KB
-
MD5
8ec339a89ec786b2aea556bedee679c7
-
SHA1
8b8ba74b785c6c7441dbd1b90fff580771121cd4
-
SHA256
0d5404652025192a426b09499e789e198328be2266f5aba5f8949d023ca0d4a6
-
SHA512
7cbaee442532706664c38c8599a05c295c5edba9b56c514fbd409385dbd63718170217b59c0fd468b55642a0e1358eb1ff1d51e4053a74edf66adaef0da57f90
-
SSDEEP
3072:ELlm5U06DijqOgu5FFh48MEh72AqegDnpWb:ELlm5U+Tgu5FFhPh2Wb
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource Unc4191bggjiiabbh4_browsingExe.exe
Files
-
Unc4191bggjiiabbh4_browsingExe.exe.exe windows x86
511e430153ec574d5478c2d65ea0ed6f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
ioctlsocket
WSASocketA
getsockopt
getsockname
WSAStartup
gethostname
socket
setsockopt
recvfrom
listen
bind
connect
ntohl
WSACreateEvent
WSAEventSelect
WSACloseEvent
shutdown
select
send
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
accept
closesocket
__WSAFDIsSet
getpeername
recv
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
libeay32
ord1654
ord3050
ord1178
ord648
ord649
ord641
ord674
ord333
ord670
ord658
ord667
ord633
ord1176
ord1508
ord1912
ord8
ord656
ord673
ord664
ord281
ord484
ord279
ord1869
ord485
ord283
ord639
ord2254
ord246
ord3212
ord253
ord2201
ord469
ord1653
ord581
ord1015
ord657
ord2429
ord653
ord680
ord227
ord223
ord1016
ssleay32
ord110
ord178
ord90
ord43
ord8
ord154
ord242
ord58
ord183
ord74
ord112
ord12
ord6
ord15
ord28
ord22
ord70
ord157
ord75
ord87
ord108
ord31
ord61
ord21
ord141
ord30
ord24
ord78
ord77
ord96
ord35
ord48
msvcr90
strrchr
_read
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
_vsnprintf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memchr
_errno
memcpy
free
strchr
tolower
_isatty
iscntrl
_wassert
strerror
isprint
__iob_func
exit
strcpy_s
calloc
strncpy_s
memset
strtoul
sprintf_s
strcat_s
strncat
getenv
signal
printf
ungetc
isspace
getc
atoi
fclose
fopen
strtok
fprintf
strspn
malloc
_setmode
_dup2
?_open@@YAHPBDHH@Z
_strdup
strtol
_cwait
_write
vfprintf
perror
isdigit
_dup
strlen
fflush
memmove
realloc
strncpy
_ftime64
strncmp
_open_osfhandle
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
kernel32
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
RaiseException
InterlockedExchange
LocalFree
LocalAlloc
PeekNamedPipe
GetCurrentProcess
GetStdHandle
GetSystemTimeAsFileTime
SetStdHandle
Sleep
GetModuleHandleA
GetModuleFileNameA
FormatMessageA
CreateThread
CreateMutexA
ReadFile
WaitForMultipleObjects
WriteFile
ResetEvent
GetOverlappedResult
ExitProcess
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetProcAddress
DuplicateHandle
FreeLibrary
GetSystemDirectoryA
CreateProcessA
SetHandleInformation
CreateFileA
CloseHandle
CreateNamedPipeA
LoadLibraryA
GetLastError
CreatePipe
ReleaseMutex
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ