5d2aacdcec558740958d828666641c59807af6f632ca205f7cddbf840e18a69b

Sharing

Copy URL Twitter E-mail

General

Target

5d2aacdcec558740958d828666641c59807af6f632ca205f7cddbf840e18a69b
Size

931KB
MD5

312e971675bd2391c87926d42251262a
SHA1

008d132bea09e16f43eb5e3ced8dbd237931277f
SHA256

5d2aacdcec558740958d828666641c59807af6f632ca205f7cddbf840e18a69b
SHA512

f22a9aa441f6516149fae3b058af530883757c83d2a70c7d485c29a701bfbb234a391c9741e401b86c51a96bd121f9ceff55a85a4a748308b138a42744af9fc2
SSDEEP

12288:jZ+sYdRV7CgiRoR9RKJ6k3nTNZ/QCF0hhOWfCKpO3+ZPLF6h57JhFKPjY4tDIJ2:jZtYM5KCFsOW7M+ZPLAbh/7c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d2aacdcec558740958d828666641c59807af6f632ca205f7cddbf840e18a69b

Files

5d2aacdcec558740958d828666641c59807af6f632ca205f7cddbf840e18a69b
.exe windows x86

c5f95d7918aec30522a86e64508ab6d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mfc100

ord2626
ord305
ord5242
ord2611
ord262
ord2063
ord259
ord11274
ord1317
ord11439
ord13310
ord11297
ord13329
ord2061
ord2818
ord4498
ord6010
ord2056
ord265
ord888
ord1288
ord316
ord300
ord310
ord3839
ord1985
ord2087
ord2067
ord2119
ord4207
ord4188
ord2525
ord7317
ord4936
ord979
ord423
ord1929
ord13124
ord1480
ord7876
ord4144
ord11627
ord1483
ord10930
ord5036
ord12541
ord462
ord12540
ord12665
ord11243
ord11963
ord7487
ord11781
ord1481
ord1479
ord1437
ord4283
ord7832
ord1485
ord306
ord901
ord1313
ord1316
ord1294
ord266
ord1982
ord1296
ord4317

msvcr100

_stricmp
memcpy_s
fopen
fread
fwrite
ldiv
fclose
feof
sscanf
strchr
fgets
rename
_time32
atoi
_localtime32
_beginthread
_difftime32
strtok
fprintf
_mktime32
isalnum
free
qsort
malloc
strncpy
isdigit
toupper
_stat32
atol
atof
_mbsncmp
_mbsstr
_mbccpy
_mbsnbcmp
_mbschr
_mbclen
_resetstkoflw
ftell
fseek
memset
_splitpath
strstr
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
sprintf
__CxxFrameHandler3
_CxxThrowException
_strlwr
_memicmp
_strupr
_strnicmp
_unlink
memcpy
_CIsqrt
_CIpow
printf

kernel32

InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
InitializeCriticalSection
GetLastError
GetModuleFileNameA
DeleteCriticalSection
LocalFree
LeaveCriticalSection
EnterCriticalSection
WritePrivateProfileSectionA
IsProcessorFeaturePresent
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
GetProcAddress
WideCharToMultiByte
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetTempPathA
GetTempFileNameA
LockResource
MoveFileA
CopyFileA
SizeofResource
LoadResource
FindResourceA
ResumeThread
SuspendThread
SetThreadPriority
DeleteFileA
GetModuleHandleA
GetLocalTime
GetCommandLineA
GetPrivateProfileStringA
OutputDebugStringA
WritePrivateProfileStringA
CreateDirectoryA
Sleep
GetPrivateProfileIntA
lstrlenA
WaitForSingleObject

user32

PtInRect
wsprintfA

advapi32

RegCloseKey
CloseServiceHandle
StartServiceCtrlDispatcherA
DeleteService
RegisterServiceCtrlHandlerA
CreateServiceA
StartServiceA
SetServiceStatus
OpenSCManagerA
ControlService
RegQueryValueExA
RegCreateKeyExA
OpenServiceA

ole32

CoUninitialize
OleRun
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
SysFreeString
VariantInit
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString

ws2_32

gethostname
gethostbyname
connect
select
WSAGetLastError
htons
setsockopt
sendto
recv
bind
socket
closesocket
send
listen
accept
inet_ntoa
inet_addr
WSAStartup

Sections

.text
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5f95d7918aec30522a86e64508ab6d4

Headers

DLL Characteristics

File Characteristics

Imports

version

mfc100

msvcr100

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

Sections

.text Size: 636KB - Virtual size: 636KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 68KB - Virtual size: 2.1MB

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 636KB - Virtual size: 636KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 68KB - Virtual size: 2.1MB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 76KB - Virtual size: 75KB