7c98624e010d406cf504d6465edad1c2b1441457976bfb2373bec9f666e8af85

Sharing

Copy URL

Twitter E-mail

General

Target

7c98624e010d406cf504d6465edad1c2b1441457976bfb2373bec9f666e8af85
Size

588KB
MD5

15fba5e58f1349817ca1ac2d55fd2e58
SHA1

e75aa89e91613d836cde955fd0372972fd4fbc34
SHA256

7c98624e010d406cf504d6465edad1c2b1441457976bfb2373bec9f666e8af85
SHA512

d2ca664291bb241da54e34a4ca2f72d7bccc94eeea80cc13ea6be26c8642ddadf4cdc5e6b2bca1ee212825ad6c4c5717fbd55f8fe00b495efeab71c5aa487c9f
SSDEEP

12288:Or+Cu0Q5PuhoVncbfF0fHx8QdB/NtfakNp8z2uDpTKubP4ofC0yqCs:Or+5dnncbfSfRvdDtfa8uDtUYZCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c98624e010d406cf504d6465edad1c2b1441457976bfb2373bec9f666e8af85

Files

7c98624e010d406cf504d6465edad1c2b1441457976bfb2373bec9f666e8af85
.exe windows:4 windows x86

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreatePipe
PeekNamedPipe
ReadFile
GetExitCodeProcess
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileStringA
GetFileSize
GetStartupInfoA
SetFileAttributesA
GetLocalTime
SetFilePointer
MoveFileA
WritePrivateProfileStringA
GetTickCount
DeleteFileA
Sleep
GetVersionExA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteFile
LCMapStringW
FlushFileBuffers
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
TerminateThread
GetExitCodeThread
GetCurrentProcess
GetCurrentProcessId
OpenProcess
Process32First
TerminateProcess
GetEnvironmentVariableA
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
LocalSize
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
CreateProcessA
lstrcpyn
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryA
SetWaitableTimer
CreateWaitableTimerA
CreateThread
GetSystemWow64DirectoryA
GetProcAddress
GetModuleHandleA
CloseHandle
Process32Next
CreateToolhelp32Snapshot
WideCharToMultiByte
GlobalFree
RtlMoveMemory
GlobalAlloc
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
GetTempPathA
GetSystemDirectoryA
GetLastError
DeleteCriticalSection
GetVersion
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
CallWindowProcA
GetInputState
PostMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
FindWindowExA

advapi32

ChangeServiceConfig2A
CryptAcquireContextA
CryptCreateHash
RegCreateKeyExA
RegFlushKey
EnumDependentServicesA
EnumServicesStatusExA
EnumServicesStatusA
ChangeServiceConfigA
ControlService
StartServiceA
DeleteService
CreateServiceA
GetServiceKeyNameA
GetServiceDisplayNameA
QueryServiceConfig2A
QueryServiceConfigA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnableReflectionKey
RegDisableReflectionKey
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
GetUserNameA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup
WSAGetLastError
inet_addr
connect
inet_ntoa
send
__WSAFDIsSet
select
closesocket
htons
socket
shutdown
ioctlsocket
recv

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA

dbghelp

MakeSureDirectoryPathExists

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 811B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

221f7cd1cacf4a3e7c1a1a42929d6794

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

dbghelp

oleaut32

Sections

.text Size: - Virtual size: 280KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 774KB

.upx0 Size: - Virtual size: 46KB

.upx1 Size: 580KB - Virtual size: 579KB

.rsrc Size: 4KB - Virtual size: 811B

.text
Size: - Virtual size: 280KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 774KB

.upx0
Size: - Virtual size: 46KB

.upx1
Size: 580KB - Virtual size: 579KB

.rsrc
Size: 4KB - Virtual size: 811B