Static task
static1
Behavioral task
behavioral1
Sample
d9b6887df02b2f0371da3e4900067c767c34bf66ff2c49192ed056ef982831e1.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d9b6887df02b2f0371da3e4900067c767c34bf66ff2c49192ed056ef982831e1.exe
Resource
win10v2004-20230915-en
General
Target
d9b6887df02b2f0371da3e4900067c767c34bf66ff2c49192ed056ef982831e1
Size
1.5MB
MD5
66e5c317382d767247011cbdf79c086b
SHA1
0ad559f6eb06d6dd22990f324a69106f09e07f64
SHA256
d9b6887df02b2f0371da3e4900067c767c34bf66ff2c49192ed056ef982831e1
SHA512
5a3ead51425def87b513aa0ea633505a5f9487c58eada9f0281bf837fe644cbaf14b5752cf2640d3352cdc749e434636814ba1f2d8c5b234e41e183d2f403866
SSDEEP
24576:i91uP3anWa8MCmzhwbarAVOd9m+KpPZ9RYAY6S26xKWa0jlUyajLZipFW8C5CJrt:i9kP3baZCmzyJVOyh9SxwOycpFjhJrt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d9b6887df02b2f0371da3e4900067c767c34bf66ff2c49192ed056ef982831e1
Files
d9b6887df02b2f0371da3e4900067c767c34bf66ff2c49192ed056ef982831e1.exe windows:5 windows x86
6ac67c5afd62f79423a91af4f440d1b1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetLastError
FormatMessageA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
CreateEventA
GetModuleHandleA
GetVersion
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FindNextFileA
FindClose
SystemTimeToFileTime
GetSystemTime
FlushConsoleInputBuffer
CompareStringW
GetDriveTypeW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
Sleep
WaitForSingleObject
ExitProcess
ReadFile
CloseHandle
WriteFile
GetFileSize
GetCurrentThreadId
CreateFileA
GetUserDefaultLCID
HeapSize
GetStringTypeW
CreateFileW
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryW
GetProcessHeap
SetEndOfFile
SetStdHandle
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetCurrentDirectoryW
GetFullPathNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetConsoleCP
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetEnvironmentVariableA
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
ExitThread
CreateThread
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
HeapReAlloc
HeapAlloc
GetDriveTypeA
GetFileInformationByHandle
SetFilePointer
GetModuleHandleW
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
user32
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
ws2_32
sendto
getaddrinfo
freeaddrinfo
recvfrom
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
accept
listen
ioctlsocket
gethostname
shutdown
connect
wldap32
ord26
ord30
ord32
ord35
ord50
ord200
ord301
ord27
ord41
ord46
ord60
ord143
ord211
ord22
ord79
ord33
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 292KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ