Static task
static1
Behavioral task
behavioral1
Sample
a402ff421286fba9631547dd1ce0a3b213be31f2c3ec994409a5204a552e8360.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
a402ff421286fba9631547dd1ce0a3b213be31f2c3ec994409a5204a552e8360.exe
Resource
win10v2004-20230915-en
General
-
Target
a402ff421286fba9631547dd1ce0a3b213be31f2c3ec994409a5204a552e8360
-
Size
170KB
-
MD5
a5d1f3a01a28b66b00f5caf15d0f75ca
-
SHA1
811f35e968bd1a0c77c843a87b0f734260038f0d
-
SHA256
a402ff421286fba9631547dd1ce0a3b213be31f2c3ec994409a5204a552e8360
-
SHA512
c2da53777c56538c47ba80619189bb544a7aceddcd2e14fb902017bcaa0014769aa86221d4d160ad41c74996abcd683c0d5d4b74bbfcdda20fd4a470e64046d9
-
SSDEEP
3072:XG4CF79z5UWuTTftkrc+3s8tY2kjgte3QIcx0qpPfXsFA:XiF7l5UD2rcCNtYj3QIcx0qpPfc
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a402ff421286fba9631547dd1ce0a3b213be31f2c3ec994409a5204a552e8360
Files
-
a402ff421286fba9631547dd1ce0a3b213be31f2c3ec994409a5204a552e8360.exe windows:5 windows x86
39594668f33fcd7da52d25ce93606bf8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libcrypto-1_1
MD5_Final
MD5_Update
MD5_Init
OPENSSL_init_crypto
RAND_seed
libssl-1_1
SSL_read
SSL_shutdown
SSL_free
TLS_server_method
TLSv1_server_method
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_ASN1
SSL_CTX_load_verify_locations
SSL_write
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_callback_ctrl
SSL_accept
SSL_get_servername
SSL_CTX_free
SSL_get_error
TLSv1_2_client_method
OPENSSL_init_ssl
SSL_connect
SSL_CTX_new
SSL_new
SSL_ctrl
SSL_CTX_set_verify_depth
SSL_set_fd
kernel32
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
InitializeCriticalSection
SetUnhandledExceptionFilter
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileA
GetPrivateProfileStringW
GetTickCount
MultiByteToWideChar
GetModuleFileNameW
WideCharToMultiByte
SetLastError
GetCurrentThreadId
GetLastError
CloseHandle
Sleep
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetLocalTime
shell32
CommandLineToArgvW
msvcp120
_Strxfrm
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??0id@locale@std@@QAE@I@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Strcoll
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
crypt32
CertCloseStore
CryptStringToBinaryW
CertCreateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CryptStringToBinaryA
msvcr120
??1type_info@@UAE@XZ
_lock
_commode
_fmode
__winitenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnprintf
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
?terminate@@YAXXZ
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_CxxThrowException
memchr
__CxxFrameHandler3
free
??3@YAXPAX@Z
wcslen
memcpy
memmove
memcmp
strlen
memset
??2@YAPAXI@Z
_time64
rand
printf
malloc
_beginthreadex
fprintf
srand
strtok_s
_endthreadex
_purecall
strchr
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
realloc
??_V@YAXPAX@Z
fopen
vfprintf
fclose
wcsrchr
fseek
ftell
fread
fwrite
sprintf
_wcsicmp
atoi
exit
tolower
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
ws2_32
shutdown
freeaddrinfo
getaddrinfo
send
recv
listen
bind
WSAGetLastError
WSAStartup
WSACleanup
accept
__WSAFDIsSet
select
setsockopt
closesocket
connect
socket
inet_ntoa
inet_addr
gethostbyname
htons
ntohs
dbghelp
MiniDumpWriteDump
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ