2634c88cbd1865584cfb69f3e38a6e988b6b3c0ecb336e01b42ffca55d08e2df

Sharing

Copy URL Twitter E-mail

General

Target

2634c88cbd1865584cfb69f3e38a6e988b6b3c0ecb336e01b42ffca55d08e2df
Size

220KB
MD5

73441bc00c4b39ba77b7bb8f0a4f064d
SHA1

8ea237ee7e9b4e225e8f77c17866052928597195
SHA256

2634c88cbd1865584cfb69f3e38a6e988b6b3c0ecb336e01b42ffca55d08e2df
SHA512

9e80442ff710f2e6098022fd5a2664d4be65301352c8e44ea1b0fcfb6bea0840284b19f6f2c494bad5391f55fc4ebc8e0f27b3b48592f874012254428cac2ad9
SSDEEP

3072:SgFIBnycdvseCuvGc3jrxagQqUGyITuebxxIWY8wRzhhmSFnxXep+8888m88lH/f:SSIBnX1seC2QlTKx9i9znJMG6z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2634c88cbd1865584cfb69f3e38a6e988b6b3c0ecb336e01b42ffca55d08e2df

Files

2634c88cbd1865584cfb69f3e38a6e988b6b3c0ecb336e01b42ffca55d08e2df
.exe windows:6 windows x86

85c5c5ac230d1689530553c77020f72b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_slist_append
curl_slist_free_all
curl_easy_strerror
curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
curl_formfree

kernel32

FreeLibrary
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCommandLineA
CloseHandle
GetLastError
WaitForSingleObject
Sleep
GetExitCodeProcess
OpenProcess
CopyFileA
MultiByteToWideChar
AllocConsole
GetModuleFileNameA
GetModuleHandleA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
DuplicateHandle
CreateEventA
GetProcessTimes
GetCurrentProcess
GetSystemTimes
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExA
WideCharToMultiByte
GetLogicalDriveStringsA
GetComputerNameA
K32QueryWorkingSet
K32GetProcessMemoryInfo
K32GetPerformanceInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
InitializeCriticalSectionEx
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
LoadLibraryExW
lstrcmpW
ExpandEnvironmentStringsW
VerifyVersionInfoW
GetFullPathNameW
VerSetConditionMask
ReadProcessMemory
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
SetLastError
LocalFree
GetFileAttributesW
GetSystemDirectoryW
LocalAlloc
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
lstrcatA
GetWindowsDirectoryA
GetSystemDirectoryA
InitializeSListHead
GetCurrentThreadId

user32

MessageBoxA
GetSystemMetrics
EnumDisplayDevicesA
GetGuiResources
EnumDisplaySettingsA

advapi32

RegOpenKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

ioctlsocket
connect
closesocket
htons
inet_addr
recv
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_exception_copy
memchr
memcpy
memmove
memset
strchr
memcmp
_except_handler4_common
__current_exception
__current_exception_context
strstr
wcsrchr
wcsstr
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
terminate
_beginthreadex
_c_exit
_exit
_wassert
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_set_app_type
exit
_get_narrow_winmain_command_line
_beginthread

api-ms-win-crt-string-l1-1-0

tolower
wcslen
strncmp
strcpy_s
_wcsnicmp
wcscmp
_wcsupr
isdigit
_wcsicmp
isalpha

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
realloc
_callnewh
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

fputc
_set_fmode
_fileno
__stdio_common_vsscanf
__p__commode
__stdio_common_vsprintf
ftell
fseek
fopen
feof
freopen
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_chsize_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
floor
_libm_sse2_pow_precise

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_findnext64i32
_findfirst64i32
_findclose
_lock_file

api-ms-win-crt-convert-l1-1-0

atoi
wcstombs
atof
_itoa

api-ms-win-crt-time-l1-1-0

_mktime64
_localtime64_s
_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

Exports

Exports

?md5_init@@YAXPAUmd5_ctxt@@@Z
?md5_loop@@YAXPAUmd5_ctxt@@PAEK@Z
?md5_pad@@YAXPAUmd5_ctxt@@@Z
?md5_result@@YAXPAEPAUmd5_ctxt@@@Z
getCpuUsage
getGpuInfo
getSystemInfo

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85c5c5ac230d1689530553c77020f72b

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

kernel32

user32

advapi32

shell32

ole32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 10KB - Virtual size: 1.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 10KB - Virtual size: 1.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB