Static task
static1
Behavioral task
behavioral1
Sample
85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5.exe
Resource
win10v2004-20230703-en
General
-
Target
85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
-
Size
126KB
-
MD5
8c80dd97c37525927c1e549cb59bcbf3
-
SHA1
4e80fa7d98c8e87facecdef0fc7de0d957d809e1
-
SHA256
85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
-
SHA512
50e9a3b950bbd56ff9654f9c2758721b181e7891384fb37e4836cf78422399a07e6b0bfab16350e35eb2a13c4d07b5ce8d4192fd864fb9aaa9602c7978d2d35e
-
SSDEEP
1536:YEI4kX/3TWbMPqc+4GJky+IBgXDfsggZK4WBc+FtDc+AX4VHKpdhxm/wl6uv/+Ws:ITiMPqiruJB+rrAX4edbmruvmkI79
Malware Config
Signatures
-
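Unsigned PE (1 IoC)
The PE file has no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the other static and behavioral findings.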
resource 85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
Files
-
85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5.exe windows x86
43ab0829235f0f3299a0baee637645e2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersion
Sleep
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
GetTickCount
InitializeCriticalSection
CreateEventW
CreateThread
GetLastError
GetExitCodeThread
DeleteCriticalSection
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
trch-1
Parameter_Port_getValue
Params_findParameter
Parameter_Boolean_setValue
Params_findParamchoice
Paramchoice_hasValue
Paramchoice_getValue
Parameter_hasValue
Parameter_U32_getValue
Parameter_S16_getValue
Parameter_IPv4_getValue
Parameter_Boolean_getValue
tucl-1
TcLogBuffer
TcLog
ws2_32
inet_ntoa
WSAStartup
socket
WSAGetLastError
setsockopt
htonl
connect
recvfrom
select
sendto
ntohs
send
recv
WSACleanup
closesocket
accept
listen
bind
htons
inet_addr
coli-0
coli_setCleanup
coli_create
coli_delete
mainWrapper
coli_setValidate
coli_setID
coli_setProcess
msvcrt
srand
strcmp
time
_snprintf
strncpy
rand
gmtime
sscanf
tolower
toupper
islower
strncat
pow
strlen
memcmp
strtoul
memmove
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
memcpy
realloc
free
memset
malloc
_iob
fprintf
abort
printf
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ