86a13a7c062601b59f2acfb5dfc1f048442914d9b7c87bc69feaa6a09558133a

Sharing

Copy URL Twitter E-mail

General

Target

86a13a7c062601b59f2acfb5dfc1f048442914d9b7c87bc69feaa6a09558133a
Size

66KB
MD5

7ba3b78e8ba86fd394a95d503b03b07b
SHA1

ae0b60e1c55f3ec49d13304cfadcd082fa13f254
SHA256

86a13a7c062601b59f2acfb5dfc1f048442914d9b7c87bc69feaa6a09558133a
SHA512

17e87d6b10d152dea821fa137d290251cef1b5ad63abb8f9e3cef6a450b33439c8d13fa1295d6712765fe18e24fe63e9e0ce47ed0565117933b68dd6ab22c76d
SSDEEP

1536:r+WAIBGXgOG5m7MygMaHlcWQT2jrjethLmp:rfAymgv5mRG2WNf4h6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86a13a7c062601b59f2acfb5dfc1f048442914d9b7c87bc69feaa6a09558133a

Files

86a13a7c062601b59f2acfb5dfc1f048442914d9b7c87bc69feaa6a09558133a
.exe windows x86

938683bc580f4a0649951a60789e1cf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_mime_free
curl_easy_cleanup
curl_mime_name
curl_mime_filedata
curl_easy_init
curl_mime_addpart
curl_easy_perform
curl_mime_init
curl_easy_setopt

ws2_32

send
inet_addr
WSAStartup
listen
closesocket
bind
accept
WSACleanup
ntohs
socket
WSAGetLastError
htons
recv
inet_ntoa

msvcp140

_Query_perf_frequency
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?good@ios_base@std@@QBE_NXZ

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
CloseHandle
Process32FirstW
Process32NextW
MultiByteToWideChar
CreateToolhelp32Snapshot
GetConsoleWindow
DeleteCriticalSection
GetLastError
GetTempPathA
Sleep
InitializeCriticalSectionEx
GetProcessId

user32

SetWindowPos
GetWindowThreadProcessId
GetWindow
IsWindowVisible
EnumWindows
ShowWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW

vcruntime140

memcmp
memchr
_CxxThrowException
_except_handler4_common
__current_exception_context
__current_exception
memcpy
memset
memmove
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

toupper
tolower

api-ms-win-crt-stdio-l1-1-0

fclose
__acrt_iob_func
__p__commode
fopen
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_seh_filter_exe
_set_app_type
terminate
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_crt_atexit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_controlfp_s
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

remove
_stat64i32

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

938683bc580f4a0649951a60789e1cf3

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

ws2_32

msvcp140

kernel32

user32

advapi32

shell32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 2KB - Virtual size: 1KB