174f9204e74015c55554f37937bc8a4715781a0cc727bdf000ed5ff5ff70fddb

Sharing

Copy URL Twitter E-mail

General

Target

174f9204e74015c55554f37937bc8a4715781a0cc727bdf000ed5ff5ff70fddb
Size

848KB
MD5

f6d28d23522a7e21225e52d9e388aa5e
SHA1

23ad8fb0f3d0f7c9f2366cc0138e8b4aeeeb01ba
SHA256

174f9204e74015c55554f37937bc8a4715781a0cc727bdf000ed5ff5ff70fddb
SHA512

266f4b1f4e56e1379a37e371d443351c77882d0c550ae2c04769b0929f27eeeced569c39532505574ac636b45115a2e61832d6bc608be2fb3b825c6c0ea489e4
SSDEEP

24576:x6uoN1AtYZaoiGEdW7rrV3M8T1DtufsPXYICB+Mb:GlEk7NXeeXYICBfb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
174f9204e74015c55554f37937bc8a4715781a0cc727bdf000ed5ff5ff70fddb

Files

174f9204e74015c55554f37937bc8a4715781a0cc727bdf000ed5ff5ff70fddb
.exe windows:5 windows x86

42c515b2df820eda99bac034ecd0cbdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
WSAStartup
WSACleanup
select
ioctlsocket
connect
ntohl
inet_addr
htons
ntohs
shutdown
setsockopt
recv
socket
closesocket
gethostbyname
send
getsockopt
accept
WSAGetLastError

libmysql

mysql_store_result
mysql_num_rows
mysql_fetch_row
mysql_free_result
mysql_stmt_init
mysql_stmt_prepare
mysql_real_query
mysql_stmt_bind_param
mysql_stmt_execute
mysql_stmt_affected_rows
mysql_stmt_close
mysql_init
mysql_close
mysql_errno
mysql_real_connect
mysql_stmt_param_count

ssleay32

ord87
ord183
ord86
ord78
ord48
ord74
ord12
ord75
ord58
ord61
ord110
ord43
ord108

libeay32

ord3212

kernel32

SetEnvironmentVariableA
SetEndOfFile
LoadLibraryW
ReadConsoleW
CreateFileW
WriteConsoleW
SetStdHandle
SetFilePointerEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleMode
GetConsoleCP
FreeLibrary
GetOEMCP
IsValidCodePage
GetModuleFileNameW
GetFileType
GetStdHandle
HeapSize
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetModuleHandleW
GetTickCount
GetLastError
Sleep
WaitForSingleObject
TerminateThread
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
QueryPerformanceCounter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
OpenProcess
TerminateProcess
SetConsoleCtrlHandler
GetCommandLineW
SetLastError
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetFileSize
SetFilePointer
AllocConsole
SetEvent
WriteFile
ReadFile
GetACP
FlushFileBuffers
MoveFileA
CreateEventW
GetModuleFileNameA
OutputDebugStringA
DeleteFileA
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
HeapReAlloc
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
ExitProcess
GetModuleHandleExW
AreFileApisANSI
CreateThread
ExitThread
LoadLibraryExW

user32

IsWindow
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
CreateWindowExW
DefWindowProcW
RegisterClassExW
UnregisterClassW
DestroyWindow
KillTimer

shell32

SHCreateDirectoryExA

shlwapi

PathFileExistsA
PathCombineA
PathRemoveFileSpecA

rpcrt4

UuidCreateSequential

Sections

.text
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42c515b2df820eda99bac034ecd0cbdd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

libmysql

ssleay32

libeay32

kernel32

user32

shell32

shlwapi

rpcrt4

Sections

.text Size: 586KB - Virtual size: 586KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 20KB - Virtual size: 47KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 101KB - Virtual size: 104KB

.text
Size: 586KB - Virtual size: 586KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 20KB - Virtual size: 47KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 101KB - Virtual size: 104KB