4da127b4b80b98b60f4bc499fda839d6606f3a35d0567e9a11cdb82c461bacef

Sharing

Copy URL Twitter E-mail

General

Target

4da127b4b80b98b60f4bc499fda839d6606f3a35d0567e9a11cdb82c461bacef
Size

1.5MB
MD5

d01b66942b2895f74af98de72a558c00
SHA1

28997ffd7f822e0411c5cea8b187964f66b9fdf7
SHA256

4da127b4b80b98b60f4bc499fda839d6606f3a35d0567e9a11cdb82c461bacef
SHA512

5ed2777f492e88057532325b7874e1ed71555227f1d727ef612c0737773ccc6bd33f5828a3bb27322320a8c115e30f72eb8442b8aa81b4c783edf08e19dcf707
SSDEEP

24576:/ni/91epwQbk59pT/beAGcadHCPntQQ+1eKNjdcgQe4PTRSyBKsEE:6bep5U9pT6AGjCPJaeKNjdcFTPsyBKs5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4da127b4b80b98b60f4bc499fda839d6606f3a35d0567e9a11cdb82c461bacef

Files

4da127b4b80b98b60f4bc499fda839d6606f3a35d0567e9a11cdb82c461bacef
.exe windows:6 windows x86

22e86bae138fc2bc690ed348e5b87e2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
TerminateThread
TlsAlloc
GetVersionExA
CloseHandle
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
GetTickCount
ReadFile
GetCurrentProcess
WriteFile
TerminateProcess
GetCurrentThreadId
GetModuleHandleA
OpenProcess
GetTempPathA
QueryFullProcessImageNameA
CreateFileA
GetFileSize
GetCurrentProcessId
CreateProcessA
GetTempFileNameA
CreateEventA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
GetLocalTime
SizeofResource
WriteProcessMemory
FindResourceA
FreeResource
GetExitCodeThread
LoadLibraryA
DeleteFileA
LoadResource
GetProcAddress
VirtualAllocEx
GetModuleHandleW
CreateRemoteThread
VirtualFreeEx
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
Sleep
CreateEventW
GetOverlappedResult
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
SetNamedPipeHandleState
WaitNamedPipeA
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
PostQueuedCompletionStatus
WaitForSingleObject
CreateMutexA
GetQueuedCompletionStatus
SetErrorMode
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
EnterCriticalSection
SetLastError
VerifyVersionInfoA
TlsSetValue
SetWaitableTimer
GetModuleFileNameA
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
FlushFileBuffers
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
LCMapStringEx
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
WaitForSingleObjectEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime

user32

GetForegroundWindow
GetWindowTextA
GetMessageA
SetWindowsHookExA
CallNextHookEx

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyA
RegQueryValueExA
SetSecurityDescriptorDacl

oleaut32

SysAllocString
VariantClear
SysFreeString

ws2_32

listen
getaddrinfo
WSAStartup
getsockname
ntohs
connect
WSAAddressToStringW
gethostname
WSARecv
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
ntohl
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
WSACleanup
WSASetLastError
WSASocketW

iphlpapi

GetAdaptersInfo

shlwapi

PathFileExistsA

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22e86bae138fc2bc690ed348e5b87e2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

iphlpapi

shlwapi

Sections

.text Size: 310KB - Virtual size: 309KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 13KB - Virtual size: 24KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 310KB - Virtual size: 309KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 17KB - Virtual size: 16KB