f46b8a1c88c471025cc6ea2a44aca2b60d9eb162d7f2e9036547a90f3c6dd9f0

Sharing

Copy URL

Twitter E-mail

General

Target

f46b8a1c88c471025cc6ea2a44aca2b60d9eb162d7f2e9036547a90f3c6dd9f0
Size

1.8MB
MD5

d8fb989fd4992ec8a6756ca0b3fd730c
SHA1

eda12c745c4616b93dddc5840149a297d46b2b14
SHA256

f46b8a1c88c471025cc6ea2a44aca2b60d9eb162d7f2e9036547a90f3c6dd9f0
SHA512

4f687247c7f33517c4c4be45c33e3af3080cbc974723849cf2e1ddf39a8d3a61fdfb7a361824f2818c1e1777876dc50761c04480d88c458f955ab49ce3a6fe9c
SSDEEP

49152:PkmX8nge0bcsqpapKd7VDiQ+aPIO4LpCDl:P7X8ngdLqUsdhDil

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f46b8a1c88c471025cc6ea2a44aca2b60d9eb162d7f2e9036547a90f3c6dd9f0

Files

f46b8a1c88c471025cc6ea2a44aca2b60d9eb162d7f2e9036547a90f3c6dd9f0
.exe windows x86

87e5f82e6fd7c582dc1e82b94942490f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
setsockopt
gethostname
shutdown
htonl
gethostbyname
getservbyname
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSAStartup
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
ioctlsocket

wldap32

ord27
ord211
ord60
ord50
ord41
ord22
ord26
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord46

shlwapi

PathFileExistsA
StrToIntA
PathRemoveFileSpecA

shell32

CommandLineToArgvW
SHCreateDirectoryExA
SHFileOperationA

kernel32

FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
Process32First
FindFirstFileA
GetCurrentProcess
TerminateProcess
FindNextFileA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
SetEvent
DeleteFileA
Process32Next
CloseHandle
CreateThread
lstrcmpiA
CreateProcessA
GetDiskFreeSpaceExA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
CopyFileA
WritePrivateProfileStringA
GetCurrentProcessId
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexA
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
RemoveDirectoryA
DeleteCriticalSection
lstrcpynA
WideCharToMultiByte
CreateDirectoryA
GetCurrentThreadId
CreateFileA
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
CreateEventW
SizeofResource
SetErrorMode
FindResourceA
FreeResource
GetVersionExA
GlobalAlloc
ResetEvent
LoadResource
GlobalLock
GlobalUnlock
TerminateThread
ExitProcess
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleHandleExW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileAttributesA
HeapSize

user32

GetSystemMetrics
TranslateAcceleratorA
MoveWindow
SetLayeredWindowAttributes
TranslateMessage
PostQuitMessage
GetDesktopWindow
UpdateWindow
SetForegroundWindow
LoadCursorA
DestroyWindow
ShowWindow
SetWindowLongA
LoadStringA
CreateWindowExA
SystemParametersInfoA
RegisterClassExA
GetDlgCtrlID
TrackMouseEvent
DefWindowProcA
SetCapture
GetClientRect
GetParent
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
SendMessageA
wsprintfA
MessageBoxA
SetWindowPos
GetWindowRect
DispatchMessageA
GetMessageA
GetWindowLongA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegSetValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA
EnumProcessModules

gdiplus

GdipCreateFont
GdiplusShutdown
GdipSetStringFormatAlign
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipDrawRectangleI
GdipDeleteFontFamily
GdipCreateStringFormat
GdipLoadImageFromStream
GdiplusStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87e5f82e6fd7c582dc1e82b94942490f

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

shell32

kernel32

user32

advapi32

ole32

psapi

gdiplus

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 360KB - Virtual size: 360KB

.data Size: 40KB - Virtual size: 54KB

.gfids Size: 1024B - Virtual size: 660B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 360KB - Virtual size: 360KB

.data
Size: 40KB - Virtual size: 54KB

.gfids
Size: 1024B - Virtual size: 660B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 65KB - Virtual size: 65KB