d7714978dcb95fc6060794a966a5a476397c9c6424196d4f942b497af3267794

Sharing

Copy URL Twitter E-mail

General

Target

d7714978dcb95fc6060794a966a5a476397c9c6424196d4f942b497af3267794
Size

536KB
MD5

b1820e49da20807cd467a995357bcd7e
SHA1

d13f9e4dd771daf889e9ca1d89a7f1167b1cfffe
SHA256

d7714978dcb95fc6060794a966a5a476397c9c6424196d4f942b497af3267794
SHA512

3cca140bfd24750ac082a83b05ef7fb792e4775b11568cdbcaae912e6e6bb60efa67b8817ade4a30ec4d0658b23d52cbbfefc60be89b22285c62dd3ddec669a8
SSDEEP

6144:r/G7dvdrgmsk/TfngjijUOhJ60Kzz3iZuF81+UyLYzeONnU9BR6zLfhi8:C7dhgm3gyhgzyZk8YUwMNnZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7714978dcb95fc6060794a966a5a476397c9c6424196d4f942b497af3267794

Files

d7714978dcb95fc6060794a966a5a476397c9c6424196d4f942b497af3267794
.exe windows x86

4f1b672a7007d44c1284d40d95ad234a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
ntohl
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
socket
WSAGetLastError
closesocket

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

wldap32

ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

normaliz

IdnToAscii

kernel32

GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
LCMapStringW
CompareStringW
HeapReAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetEnvironmentStringsW
GetModuleFileNameW
WriteFile
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
OutputDebugStringA
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
Sleep
QueryPerformanceCounter
GetTickCount
CloseHandle
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
MultiByteToWideChar
DecodePointer
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetFileAttributesExW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
ExitProcess
WideCharToMultiByte
CreateFileW
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

MessageBoxA

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA

shell32

ShellExecuteA

Sections

.text
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f1b672a7007d44c1284d40d95ad234a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

advapi32

shell32

Sections

.text Size: 395KB - Virtual size: 394KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 395KB - Virtual size: 394KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 17KB - Virtual size: 16KB