a0e62b0ab129c386e976d68e5a7c7b70fdf6e66aaffd151745381a45376a0fe3

Sharing

Copy URL Twitter E-mail

General

Target

a0e62b0ab129c386e976d68e5a7c7b70fdf6e66aaffd151745381a45376a0fe3
Size

1.8MB
MD5

c5f4e28fc6e03ce0eb75f08f60e7e0fa
SHA1

6eb42ee1642fd4802f64b2a897762035504e679c
SHA256

a0e62b0ab129c386e976d68e5a7c7b70fdf6e66aaffd151745381a45376a0fe3
SHA512

84a0e65b232f1dd470307b20b3cea146ceb42eee05319ee9f39534c91bc98991f0dae5290e5b9d80fbf5d7114f5a4b003bf9c2925e11a89692bb099b97c3623d
SSDEEP

49152:ap2osjmnonB04XvsK5QfqJXsgmqgaPCOQg7ipx8F:apVcmnoB/UKyfqJvmxv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0e62b0ab129c386e976d68e5a7c7b70fdf6e66aaffd151745381a45376a0fe3

Files

a0e62b0ab129c386e976d68e5a7c7b70fdf6e66aaffd151745381a45376a0fe3
.exe windows x86

311bc04f291c0f7dfe484e02c5b45319

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
setsockopt
gethostname
shutdown
htonl
gethostbyname
getservbyname
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSAStartup
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
ioctlsocket

wldap32

ord27
ord211
ord60
ord50
ord41
ord22
ord26
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord46

shlwapi

PathFileExistsA
PathRemoveFileSpecA
StrToIntA

shell32

SHCreateDirectoryExA
CommandLineToArgvW
SHFileOperationA

kernel32

FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
Process32First
FindFirstFileA
GetCurrentProcess
TerminateProcess
FindNextFileA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
SetEvent
DeleteFileA
Process32Next
CloseHandle
CreateThread
lstrcmpiA
CreateProcessA
GetDiskFreeSpaceExA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
CopyFileA
WritePrivateProfileStringA
GetCurrentProcessId
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexA
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
RemoveDirectoryA
DeleteCriticalSection
lstrcpynA
WideCharToMultiByte
CreateDirectoryA
GetCurrentThreadId
CreateFileA
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
CreateEventW
SizeofResource
SetErrorMode
FindResourceA
FreeResource
GetVersionExA
GlobalAlloc
ResetEvent
LoadResource
GlobalLock
GlobalUnlock
TerminateThread
ExitProcess
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleHandleExW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileAttributesA
HeapSize

user32

MoveWindow
SetLayeredWindowAttributes
TranslateMessage
PostQuitMessage
UpdateWindow
LoadCursorA
DestroyWindow
ShowWindow
TranslateAcceleratorA
GetSystemMetrics
LoadStringA
SetWindowLongA
DispatchMessageA
CreateWindowExA
SystemParametersInfoA
RegisterClassExA
GetDlgCtrlID
TrackMouseEvent
DefWindowProcA
SetCapture
GetClientRect
GetParent
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
SendMessageA
wsprintfA
MessageBoxA
GetMessageA
GetProcessWindowStation
GetUserObjectInformationW
GetWindowLongA

advapi32

RegSetValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA
EnumProcessModules

gdiplus

GdipCreateFont
GdiplusShutdown
GdipSetStringFormatAlign
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipDrawRectangleI
GdipDeleteFontFamily
GdipCreateStringFormat
GdipLoadImageFromStream
GdiplusStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

311bc04f291c0f7dfe484e02c5b45319

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

shell32

kernel32

user32

advapi32

ole32

psapi

gdiplus

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 360KB - Virtual size: 359KB

.data Size: 40KB - Virtual size: 54KB

.gfids Size: 1024B - Virtual size: 660B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 360KB - Virtual size: 359KB

.data
Size: 40KB - Virtual size: 54KB

.gfids
Size: 1024B - Virtual size: 660B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 65KB - Virtual size: 65KB