a2b79bf6ee304a879ab7fdc2431bf78de04f2e9e8bc7e9d98647da2e4e5d4b99

General

Target

a2b79bf6ee304a879ab7fdc2431bf78de04f2e9e8bc7e9d98647da2e4e5d4b99
Size

148KB
MD5

85ee324270a777f6ce2ee328a09df7b0
SHA1

de744ac33085e2e98287a4775f6de100f9a06c8a
SHA256

a2b79bf6ee304a879ab7fdc2431bf78de04f2e9e8bc7e9d98647da2e4e5d4b99
SHA512

e0bc27a32193ff49d916165aebfce117b58a0c66bff35a176a402a9f74d5607d29ceaf50a62ff448f8e305c30d794c459adb7b4b57c4f6daf5c66cd915a69075
SSDEEP

384:xMqHNAzfPR7MBH6JFOfFqs0VURsOb+D+nD3UN+nD3Us:xM4wfZEos6Uyg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2b79bf6ee304a879ab7fdc2431bf78de04f2e9e8bc7e9d98647da2e4e5d4b99

Files

a2b79bf6ee304a879ab7fdc2431bf78de04f2e9e8bc7e9d98647da2e4e5d4b99
.exe windows x64

1a1aaa1644e2ad304db5a0e9c9e3d510

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfA

ws2_32

getaddrinfo
closesocket
shutdown
send
setsockopt
freeaddrinfo
recv
WSAIoctl
select
connect
inet_ntoa
inet_addr
htons
ioctlsocket
WSAStartup
socket

advapi32

RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegCloseKey

kernel32

VirtualFree
GetCurrentProcess
SetEvent
WaitForSingleObject
CreateFileA
CloseHandle
LocalAlloc
GetTempPathA
GetVolumeInformationA
VirtualAlloc
SetFilePointer
WriteFile
GetModuleFileNameA
FileTimeToSystemTime
Sleep
LocalFree
ExitProcess
CreateMutexA
OpenMutexA
SystemTimeToFileTime
CreateThread
GetLocalTime
CreateEventA

secur32

GetUserNameExA
GetUserNameExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 501B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a1aaa1644e2ad304db5a0e9c9e3d510

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

kernel32

secur32

ole32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 501B

.pdata Size: 512B - Virtual size: 324B

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 501B

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 132KB - Virtual size: 132KB