d00e4cf94f854eca2d98addc5cbf5659485b1a35d5c78da5d115da7d198a3c4f

Sharing

Copy URL Twitter E-mail

General

Target

d00e4cf94f854eca2d98addc5cbf5659485b1a35d5c78da5d115da7d198a3c4f
Size

333KB
MD5

1aea15d9051fccc650c8c202b4ad7045
SHA1

62194f901b093cae86c20132dd706955aec80e43
SHA256

d00e4cf94f854eca2d98addc5cbf5659485b1a35d5c78da5d115da7d198a3c4f
SHA512

e9dc24194bd2cb2062f7391806bec6bf1aeadd12da69c2c47087eb3d4ba1be693da77c0e3d497b3922176f66ac5dc9ffe40f0c50dbb0469fda90f135f1b966cc
SSDEEP

6144:m5cCvGcdARXDTw0sWLihJldWEx1kM4IYd1s4mI4BAOxpUQRjD:m5c2dOXDsxhJldV1Z4IO1s5I4Brz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d00e4cf94f854eca2d98addc5cbf5659485b1a35d5c78da5d115da7d198a3c4f

Files

d00e4cf94f854eca2d98addc5cbf5659485b1a35d5c78da5d115da7d198a3c4f
.exe windows x86

88f924939ccbf2ab846d1548e7ea4201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringA
SetLastError
Sleep
GetTickCount
VirtualQuery
SetEndOfFile
GetTempPathA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WinExec
Process32First
CreateToolhelp32Snapshot
Process32Next
CloseHandle
QueryDosDeviceA
GetLogicalDrives
OpenProcess
GetProcessTimes
TerminateProcess
SetConsoleCtrlHandler
CreateMutexA
WaitForSingleObject
ReleaseMutex
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Module32Next
Module32First
GetCurrentProcess
GetVersionExA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetModuleHandleA
DeviceIoControl
CreateFileA
GetVersion
GetStartupInfoA
CreateProcessA
GetCurrentThreadId
PeekNamedPipe
GetExitCodeProcess
CreatePipe
FindNextFileA
FindFirstFileA
FindClose
GetCurrentProcessId
DeleteFileA
GetSystemTimeAsFileTime
GetModuleHandleW
SetFileTime
DecodePointer
EncodePointer
HeapFree
GetCommandLineA
HeapSetInformation
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetTimeFormatA
GetDateFormatA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
MoveFileA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetFileAttributesA
DeleteCriticalSection
FatalAppExitA
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
FlushFileBuffers
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
RaiseException
GetProcessHeap
CreateFileW
SetEvent
InterlockedCompareExchange
CreateEventA
InterlockedExchangeAdd
GetProcessAffinityMask
ResetEvent
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetThreadPriority
DuplicateHandle
WaitForMultipleObjects
GetSystemDirectoryA
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
LocalFileTimeToFileTime
SystemTimeToFileTime
ExitThread
CreateThread
GetCurrentDirectoryW
SetCurrentDirectoryW
ExitProcess
GetLastError
GetFileInformationByHandle

advapi32

RegSetValueExA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegDeleteValueA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
StartServiceCtrlDispatcherA
CloseEventLog
ReadEventLogA
OpenEventLogA
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueA
SetTokenInformation
DuplicateTokenEx

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetProcessMemoryInfo
GetProcessImageFileNameA

netapi32

NetUserGetInfo
NetUserEnum
NetApiBufferFree

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

wtsapi32

WTSEnumerateSessionsA
WTSEnumerateProcessesA
WTSFreeMemory
WTSQueryUserToken

iphlpapi

GetIfTable
GetAdaptersAddresses
GetAdaptersInfo

rpcrt4

UuidFromStringA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

user32

GetThreadDesktop
SetProcessWindowStation
SetThreadDesktop
CloseDesktop
OpenDesktopA
OpenWindowStationA
GetProcessWindowStation
CloseWindowStation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear

ws2_32

inet_addr
ntohs
ntohl
WSAStartup
WSACleanup
__WSAFDIsSet
select
gethostname
connect
ioctlsocket
getpeername
getsockname
send
recv
gethostbyname
inet_ntoa
socket
htons
sendto
WSAGetLastError
closesocket
gethostbyaddr

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88f924939ccbf2ab846d1548e7ea4201

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

version

psapi

netapi32

setupapi

wtsapi32

iphlpapi

rpcrt4

userenv

user32

ole32

oleaut32

ws2_32

Sections

.text Size: 267KB - Virtual size: 266KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 14KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 267KB - Virtual size: 266KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 14KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 9KB - Virtual size: 9KB