92395e343aa4ea061b4222faee3288f8e72d5c316cfc2c457de96ad725847bc5

Sharing

Copy URL Twitter E-mail

General

Target

92395e343aa4ea061b4222faee3288f8e72d5c316cfc2c457de96ad725847bc5
Size

378KB
MD5

e81bd9898b3dc2467a2549c4594e1368
SHA1

7a3a55192adaee95db8be7864dc9186c881a9bf1
SHA256

92395e343aa4ea061b4222faee3288f8e72d5c316cfc2c457de96ad725847bc5
SHA512

712bde9a713f1dd9ecac84e9e768400ac81ff09495b8e399b94467e48ab5447f6b910cf305dbb53896d530e5204868d4d10012b36052dfbdf85c83c675ce5a85
SSDEEP

6144:fKuzrDAx8nddllnZsVV1v2ppdqkN3FM29UqxeEKVc+IgRCdYiSb0vupa38kpBP2:flfDAxilhOVVQ1M29UuMc+ITdYiLupa2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92395e343aa4ea061b4222faee3288f8e72d5c316cfc2c457de96ad725847bc5

Files

92395e343aa4ea061b4222faee3288f8e72d5c316cfc2c457de96ad725847bc5
.exe windows x86

0e3ad7de655635ba2252215357fe3075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
GetEnvironmentVariableA
MoveFileExA
Sleep
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
GetLastError
SetLastError
SleepEx
LeaveCriticalSection
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
CompareStringW
CreateFileW
GetDriveTypeW
GetStringTypeW
LCMapStringW
WriteConsoleW
HeapSize
LoadLibraryW
InitializeCriticalSection
GetTickCount
QueryPerformanceCounter
GetTempPathA
FindClose
FindFirstFileA
CreateDirectoryA
GlobalUnlock
GlobalLock
WaitForSingleObject
GlobalSize
GetTimeZoneInformation
RtlUnwind
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetProcessHeap
SetEndOfFile
SetStdHandle
FlushFileBuffers
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapFree
HeapAlloc
DeleteFileA
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapReAlloc
GetFileType
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
GetTimeFormatA
GetDateFormatA
RaiseException
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

AddClipboardFormatListener
DispatchMessageA
DefWindowProcA
CreateWindowExA
RemoveClipboardFormatListener
GetClipboardData
SetWindowLongA
TranslateMessage
SetTimer
CloseClipboard
GetMessageA
OpenClipboard

advapi32

CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey

ws2_32

select
__WSAFDIsSet
htonl
htons
WSACleanup
WSAGetLastError
closesocket
ntohs
WSASetLastError
setsockopt
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
WSAResetEvent
send
getsockopt
WSAWaitForMultipleEvents
WSAStartup
WSAIoctl
socket
bind
recv
getsockname
connect
getpeername
accept
listen
freeaddrinfo
ioctlsocket
WSACloseEvent
getaddrinfo

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e3ad7de655635ba2252215357fe3075

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 310KB - Virtual size: 309KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 310KB - Virtual size: 309KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 14KB