3458b33726912de93acd57161079105a174139a022dacd6280a0908a8f1a1092

Sharing

Copy URL

Twitter E-mail

General

Target

3458b33726912de93acd57161079105a174139a022dacd6280a0908a8f1a1092
Size

422KB
MD5

22a1387eab4eccf2f8eeb9cce343b70d
SHA1

3b5986f77ff13d7f1c62a3956d71402214537532
SHA256

3458b33726912de93acd57161079105a174139a022dacd6280a0908a8f1a1092
SHA512

625747489a0470c99dd2cc4d58d18d6f1e44409543329af8580682c6429ef3428412a0de4d3024c7b47199cb6eb88de443d7c2516361682b3a1d2473673c3354
SSDEEP

6144:LzbRaYg0U+5YJM/3OAYeG1eVydKNuQHpSHk74Zre4WCE:PbRaYgmgO7ydKNTJSE74AQE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3458b33726912de93acd57161079105a174139a022dacd6280a0908a8f1a1092

Files

3458b33726912de93acd57161079105a174139a022dacd6280a0908a8f1a1092
.exe windows:5 windows x86

eef30c176ab1f5f844cd75965aeb8d8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
__WSAFDIsSet
setsockopt
getsockname
closesocket
ntohs
ntohl
ioctlsocket
inet_addr
listen
select
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
send
inet_ntoa
htonl
accept
getsockopt
recv
htons

kernel32

DecodePointer
InterlockedExchange
InterlockedExchangeAdd
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
ExitProcess
RaiseException
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
Sleep
CloseHandle
GetTickCount
TlsGetValue
TlsSetValue
CreateSemaphoreA
TlsAlloc
TlsFree
GetCurrentThreadId
GetStdHandle
GetModuleHandleA
SetConsoleTextAttribute
SetConsoleTitleA
InterlockedIncrement
InterlockedDecrement
GetVersionExA
GetCurrentThread
SetThreadPriority
GetCurrentProcess
CreateThread
TerminateThread
GetLocalTime
MoveFileA
OutputDebugStringA
GetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetModuleHandleExW
GetModuleHandleW
GetStartupInfoW
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
ReadFile
IsProcessorFeaturePresent
LoadLibraryExW
GetProcAddress
ExitThread
GetCommandLineA
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
RtlUnwind
OutputDebugStringW
IsDebuggerPresent
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetStringTypeW
MultiByteToWideChar
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
SetStdHandle
CreateProcessA
GetExitCodeProcess
CreateDirectoryW
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
EncodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
WriteFile
CompareStringW
SetEndOfFile
WideCharToMultiByte
AreFileApisANSI

user32

PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateDialogParamA
GetDlgItem
SetDlgItemTextA
SetTimer
KillTimer
SetWindowTextA
MessageBoxA

odbc32

ord24
ord3
ord9
ord29
ord11
ord13
ord31
ord16
ord43
ord36
ord45
ord20
ord39
ord75
ord51
ord41

icuuc48

?getNext@ResourceBundle@icu_48@@QAE?AV12@AAW4UErrorCode@@@Z
?getKey@ResourceBundle@icu_48@@QBEPBDXZ
?resetIterator@ResourceBundle@icu_48@@QAEXXZ
?hasNext@ResourceBundle@icu_48@@QBECXZ
?getString@ResourceBundle@icu_48@@QBE?AVUnicodeString@2@AAW4UErrorCode@@@Z
??0ResourceBundle@icu_48@@QAE@PBDABVLocale@1@AAW4UErrorCode@@@Z
ucnv_open_48
??1Locale@icu_48@@UAE@XZ
??0Locale@icu_48@@QAE@PBD000@Z
?getChinese@Locale@icu_48@@SAABV12@XZ
??1UnicodeString@icu_48@@UAE@XZ
?getTerminatedBuffer@UnicodeString@icu_48@@QAEPB_WXZ
??3UMemory@icu_48@@SAXPAX@Z
??2UMemory@icu_48@@SAPAXI@Z
ucnv_close_48
ucnv_getMaxCharSize_48
ucnv_fromUChars_48
?getDynamicClassID@ResourceBundle@icu_48@@UBEPAXXZ
?setDefault@Locale@icu_48@@SAXABV12@AAW4UErrorCode@@@Z
??1ResourceBundle@icu_48@@UAE@XZ

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eef30c176ab1f5f844cd75965aeb8d8d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

odbc32

icuuc48

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 10KB - Virtual size: 22KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 19KB - Virtual size: 19KB