f8c513f4ea6aca4da622a820ca99c2c1b514a78407ff0d9f2708d1267fd65ca9

Sharing

Copy URL Twitter E-mail

General

Target

f8c513f4ea6aca4da622a820ca99c2c1b514a78407ff0d9f2708d1267fd65ca9
Size

121KB
MD5

18ecfb56c12e7d5726c8242d982fbd19
SHA1

d406ea84d3dbf57154d0910298d4a26ae8430e54
SHA256

f8c513f4ea6aca4da622a820ca99c2c1b514a78407ff0d9f2708d1267fd65ca9
SHA512

8a1e3a8534fd7ce3f8d6094895bc7e76387b29c93e059fa8d3b299fc4dde8a15f829bb076027e1627d51e5d15418b10da188e74dd21e024b2f5e3cdd7b37c337
SSDEEP

1536:WwfIr9D0SUy71SB+AyL4iEp1Qo1xKo7rxZiRDI/6CVoR:1o9A7yhSMMiEp1V157rxZiRDI/6coR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8c513f4ea6aca4da622a820ca99c2c1b514a78407ff0d9f2708d1267fd65ca9

Files

f8c513f4ea6aca4da622a820ca99c2c1b514a78407ff0d9f2708d1267fd65ca9
.exe windows x86

1edfbb8f81f08807acb88c33467f4042

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

json-c

json_object_object_get_ex
json_tokener_parse
json_object_get_string
json_object_put

libcurl

curl_easy_perform
curl_easy_cleanup
curl_easy_setopt
curl_slist_append
curl_formadd
curl_easy_init
curl_easy_strerror
curl_slist_free_all
curl_easy_getinfo
curl_global_cleanup
curl_global_init
curl_formfree

libclamav

cli_regcomp
cli_regexec
cli_regfree
cli_ctime
cli_gentemp
cl_retdbdir
cl_cvdhead
cl_cvdfree

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock

libssl-1_1

SSL_CTX_get_cert_store

libcrypto-1_1

ERR_error_string
d2i_X509
X509_NAME_print_ex
X509_cmp
X509_get_subject_name
X509_free
X509_dup
BIO_new
X509_STORE_add_cert
BIO_free
ERR_get_error
BIO_ctrl
BIO_s_mem

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
FindNextFileW
GetModuleHandleW
FindClose
GetSystemTimeAsFileTime
CloseHandle
GetFileAttributesExW
CreateFileA
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
lstrcmpiA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
GetLastError
TerminateProcess
InitializeSListHead
IsDebuggerPresent
FindFirstFileW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

vcruntime140

memmove
wcsrchr
wcsstr
_except_handler4_common
strchr
strstr
memcpy
memset
strrchr

api-ms-win-crt-string-l1-1-0

wcsncat
wcsncmp
strncpy
_strdup
strpbrk
strncmp
_strnicmp
wcsncpy

api-ms-win-crt-stdio-l1-1-0

fwrite
_fileno
__stdio_common_vfprintf
__stdio_common_vsprintf
feof
fread
fopen
fclose
__acrt_iob_func
_setmode
fflush
fgets
__p__commode
_set_fmode

api-ms-win-crt-filesystem-l1-1-0

remove
_umask

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
calloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_set_app_type
_seh_filter_exe
_exit
__p___argc
_initialize_narrow_environment
_set_errno
__p___argv
_get_initial_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
exit
_cexit
_initterm_e
terminate

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_time64
_ctime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1edfbb8f81f08807acb88c33467f4042

Headers

DLL Characteristics

File Characteristics

Imports

json-c

libcurl

libclamav

pthreadvc3

libssl-1_1

libcrypto-1_1

crypt32

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 5KB - Virtual size: 4KB