a68c36bd251cc539485cb5c1cc65ce1165131c14486fe12e4beeff1adc703616

Sharing

Copy URL Twitter E-mail

General

Target

a68c36bd251cc539485cb5c1cc65ce1165131c14486fe12e4beeff1adc703616
Size

681KB
MD5

78982378483c50b5d69772a9d7ac3522
SHA1

67f340b6eb1388e686809e8f8f19b286deec3500
SHA256

a68c36bd251cc539485cb5c1cc65ce1165131c14486fe12e4beeff1adc703616
SHA512

b5c108303b62b98da0416175c0d20113d0d304e46a520cc7f697be13498ce14e40a0560cd546b0c979249429120c1600f7467df15997615f5c7b2c787c4dc21d
SSDEEP

12288:MukNMQ+5BHVk3dqdRnftUIx6YvLEtF5CR7:xhRVkGnxxvjEVCZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a68c36bd251cc539485cb5c1cc65ce1165131c14486fe12e4beeff1adc703616

Files

a68c36bd251cc539485cb5c1cc65ce1165131c14486fe12e4beeff1adc703616
.exe windows x86

7ba57427cd40951f4ef04544737aef0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
CreateFileA
CreateFileW
WriteFile
CloseHandle
GetLocalTime
VirtualQuery
CreateFileMappingW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetSystemInfo
VirtualProtectEx
SetUnhandledExceptionFilter
CloseHandle

user32

wsprintfA
MessageBoxW

shlwapi

ord158
StrStrIW

dbagent

?createDBAgent@nydbagent@@YAPAVIDBAgent@1@_N@Z

libcurl

curl_easy_cleanup

libs3

S3_deinitialize

advapi32

OpenProcessToken

ole32

CoInitializeEx

shell32

SHFileOperationW

oleaut32

VariantClear

msvcp120

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z

version

GetFileVersionInfoA

msvcr120

_unlink

iphlpapi

GetAdaptersInfo

rstrtmgr

RmStartSession

Sections

.text
Size: - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.virbox
Size: - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vdata3
Size: - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.virbox3
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ba57427cd40951f4ef04544737aef0e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

dbagent

libcurl

libs3

advapi32

ole32

shell32

oleaut32

msvcp120

version

msvcr120

iphlpapi

rstrtmgr

Sections

.text Size: - Virtual size: 371KB

.rdata Size: - Virtual size: 77KB

.data Size: - Virtual size: 73KB

.virbox Size: - Virtual size: 775KB

.vdata3 Size: - Virtual size: 245KB

.virbox3 Size: 216KB - Virtual size: 216KB

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 768B

.text
Size: - Virtual size: 371KB

.rdata
Size: - Virtual size: 77KB

.data
Size: - Virtual size: 73KB

.virbox
Size: - Virtual size: 775KB

.vdata3
Size: - Virtual size: 245KB

.virbox3
Size: 216KB - Virtual size: 216KB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 768B