0063c463ec59dc73fe31cf256206b50a33e94dbd1c822f6cac1288e8a9b30ff4

Sharing

Copy URL Twitter E-mail

General

Target

0063c463ec59dc73fe31cf256206b50a33e94dbd1c822f6cac1288e8a9b30ff4
Size

423KB
MD5

172a8826c295463d3d65ce54d622e8ad
SHA1

1ceadad00dc5844ea0c0631816f3e3ef7f91fabf
SHA256

0063c463ec59dc73fe31cf256206b50a33e94dbd1c822f6cac1288e8a9b30ff4
SHA512

3174e1a5f9803cc242800597ac644fab83fc78d4f8aba76c34d366c0bb42c5fbda65fd3f1ac9e47aa486b5f3d07d51c066cbb1bad09c4db812cff3f332537fea
SSDEEP

12288:vxBAp6JdDncJSaiaDjMN8x/8WHZPCqQH:v3bdDfaiasN8x/8Ya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0063c463ec59dc73fe31cf256206b50a33e94dbd1c822f6cac1288e8a9b30ff4

Files

0063c463ec59dc73fe31cf256206b50a33e94dbd1c822f6cac1288e8a9b30ff4
.exe windows:5 windows x86

f3a46208400888a86eab14bab9a2610e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
__WSAFDIsSet
getsockopt
getsockname
ioctlsocket
htonl
listen
select
inet_addr
send
recv
WSAGetLastError
shutdown
gethostbyname
ntohl
WSACleanup
WSAStartup
socket
setsockopt
sendto
recvfrom
ntohs
inet_ntoa
htons
closesocket
bind
accept

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
CloseHandle
GetTickCount
GetConsoleWindow
GetStdHandle
SetConsoleTextAttribute
GetLocalTime
lstrlenA
CreateThread
SetThreadPriority
TerminateThread
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
GetVersionExA
GetCurrentThread
GetCurrentThreadId
ReleaseSemaphore
CreateSemaphoreA
WideCharToMultiByte
MoveFileA
InitializeCriticalSection
OutputDebugStringA
HeapAlloc
HeapFree
GetProcessHeap
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetCurrentProcess
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
OutputDebugStringW
HeapReAlloc
CreateDirectoryW
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
SetLastError
GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
ReadFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetLastError
ExitProcess
WriteFile

user32

MessageBoxA
EnableMenuItem
GetSystemMenu

icuuc48

?getNext@ResourceBundle@icu_48@@QAE?AV12@AAW4UErrorCode@@@Z
?getKey@ResourceBundle@icu_48@@QBEPBDXZ
?resetIterator@ResourceBundle@icu_48@@QAEXXZ
?hasNext@ResourceBundle@icu_48@@QBECXZ
?getString@ResourceBundle@icu_48@@QBE?AVUnicodeString@2@AAW4UErrorCode@@@Z
??1ResourceBundle@icu_48@@UAE@XZ
??0ResourceBundle@icu_48@@QAE@PBDABVLocale@1@AAW4UErrorCode@@@Z
??1Locale@icu_48@@UAE@XZ
??0Locale@icu_48@@QAE@PBD000@Z
?getChinese@Locale@icu_48@@SAABV12@XZ
??1UnicodeString@icu_48@@UAE@XZ
?getTerminatedBuffer@UnicodeString@icu_48@@QAEPB_WXZ
??3UMemory@icu_48@@SAXPAX@Z
??2UMemory@icu_48@@SAPAXI@Z
ucnv_open_48
ucnv_close_48
ucnv_getMaxCharSize_48
?getDynamicClassID@ResourceBundle@icu_48@@UBEPAXXZ
?setDefault@Locale@icu_48@@SAXABV12@AAW4UErrorCode@@@Z
ucnv_fromUChars_48

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3a46208400888a86eab14bab9a2610e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

icuuc48

Sections

.text Size: 303KB - Virtual size: 302KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 303KB - Virtual size: 302KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 20KB - Virtual size: 20KB