0427170a425a312ff79a842659a4009f9133e726a5ae5a54dd0863324449abaf

Sharing

Copy URL Twitter E-mail

General

Target

0427170a425a312ff79a842659a4009f9133e726a5ae5a54dd0863324449abaf
Size

7.0MB
MD5

5f630d082a2900733b235a6d02242de4
SHA1

63d42724261159cd367a41ea88c707a0080451ce
SHA256

0427170a425a312ff79a842659a4009f9133e726a5ae5a54dd0863324449abaf
SHA512

67e41090e733a74e10ba5440051fabff65789b888a04151c3faa1d488c4f1330f558d2d773dc56572cd4d8005233c6742e3f0e563a976b1d5603e026d28f1e9f
SSDEEP

98304:iCEXQ5djH/XyA+O07y939qrllspMqVXQVZzNdzHuTXcRzCPK:6Q32AZ0mqlOywQPPbm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0427170a425a312ff79a842659a4009f9133e726a5ae5a54dd0863324449abaf

Files

0427170a425a312ff79a842659a4009f9133e726a5ae5a54dd0863324449abaf
.exe windows x86

2186b23187f953940d3c4a4ac661668a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
inet_pton
inet_ntop
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
shutdown
setsockopt
listen
bind
recvfrom
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
gethostbyname
ntohs
getsockopt
getsockname
ioctlsocket
__WSAFDIsSet
sendto
getpeername
accept
gethostname
connect
recv
select
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
socket
send
closesocket

advapi32

CryptSignHashW
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptEnumProvidersW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam

crypt32

CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CertGetCertificateContextProperty
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptStringToBinaryW

bcrypt

BCryptGenRandom

kernel32

CreateProcessW
DeleteFileW
HeapSize
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetCurrentDirectoryW
GetConsoleOutputCP
SetConsoleOutputCP
FindClose
FindFirstFileA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateProcessA
CreateSemaphoreA
GetStartupInfoA
CreateFileA
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
WriteFile
GetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesW
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameW
PeekNamedPipe
GetExitCodeProcess
Sleep
GetStdHandle
SearchPathA
DuplicateHandle
SetHandleInformation
CreatePipe
GetCurrentProcess
OpenProcess
GetProcAddress
LoadLibraryA
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetEnvironmentVariableW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemInfo
VirtualFree
GetSystemDirectoryA
FreeLibrary
FormatMessageA
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageW
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
GetEnvironmentVariableA
MoveFileExW
WaitForSingleObjectEx
WaitForMultipleObjects
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
WriteConsoleW
CreateDirectoryA
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventA
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
SetThreadPriority
GetTimeZoneInformation
SetEndOfFile
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
SetStdHandle
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TryEnterCriticalSection
GetExitCodeThread
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2186b23187f953940d3c4a4ac661668a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

bcrypt

kernel32

user32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 37KB - Virtual size: 70KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 196KB - Virtual size: 196KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 37KB - Virtual size: 70KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 196KB - Virtual size: 196KB