463d8393a11ee0330233e2ec0a98ff72ee96f74aab6f8241d256a2f8dc6154e0

General

Target

463d8393a11ee0330233e2ec0a98ff72ee96f74aab6f8241d256a2f8dc6154e0
Size

132KB
MD5

e812b41d44afbee81247d284efcf1636
SHA1

9362dff03897f21eb2bdab81fcc4748930e1864f
SHA256

463d8393a11ee0330233e2ec0a98ff72ee96f74aab6f8241d256a2f8dc6154e0
SHA512

4d4c3b1463b0179f6130ab527747374625787b20a40f3f94219d09633b767ee83a9674da7cbaabc432a8b7d96b62b95dd2bbde67fd0e7e9696c1451b04460243
SSDEEP

1536:5S7XdzYPXUKXBt2we9GQdRT36oQkiz1qroCxedsWOk/R2WwYlazgz:k7XdkPkKX4fQzmYxO0R2PYlacz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
463d8393a11ee0330233e2ec0a98ff72ee96f74aab6f8241d256a2f8dc6154e0

Files

463d8393a11ee0330233e2ec0a98ff72ee96f74aab6f8241d256a2f8dc6154e0
.exe windows x86

31eb3e5c8a24409a4c24b607b1e3a9ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
CloseHandle
Process32Next
CreateToolhelp32Snapshot
Sleep
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
MapViewOfFile
CreateFileMappingA
CreateThread
GetLastError
CreateMutexA
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
VirtualQuery
SetFilePointer
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
LCMapStringA
LCMapStringW
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

MessageBoxA

ws2_32

gethostbyname
socket
send
recv
closesocket
WSAStartup
connect
htons

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31eb3e5c8a24409a4c24b607b1e3a9ea

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 48KB - Virtual size: 47KB