3ef001c04cbd424a7d0b305bab7fd742ad57101b

Sharing

Copy URL Twitter E-mail

General

Target

3ef001c04cbd424a7d0b305bab7fd742ad57101b
Size

227KB
MD5

30073f0abbebe53fa03ea1d24a412348
SHA1

3ef001c04cbd424a7d0b305bab7fd742ad57101b
SHA256

d5b098e84de345012434783879efb3b8bd64f9ec669b11dd244e4e1594a7c228
SHA512

c3fb67903cad64744ff31c100f70f730325abdba498f6bc2ba574738d3db4c47385fb03e2e5834d0d3384b866c6182aef21edecb49549b4c68ac20510e4cbda2
SSDEEP

3072:z4EPUbWFincT+M3xu6kS7QyFeh8m+J9fJzC3Ew0Q59ztjpUR51dtHqaFjkCBooP:z4EPUbbnc9u6Jnm+J9oDm5WsQCLP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ef001c04cbd424a7d0b305bab7fd742ad57101b

Files

3ef001c04cbd424a7d0b305bab7fd742ad57101b
.exe windows:4 windows x64

625ba6ffd588d9d4366b5f9b15bd7045

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

iphlpapi

GetIpAddrTable

kernel32

CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitThread
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
LocalSize
MoveFileA
OpenProcess
QueryPerformanceCounter
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryA
SetEndOfFile
SetEvent
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_stat64
_strcmpi
_unlock
_time64
abort
atoi
calloc
exit
fprintf
free
fwrite
localtime
malloc
memcmp
memcpy
memset
printf
putchar
puts
signal
sprintf
strcat
strcmp
strcpy
strftime
strlen
strncmp
strstr
toupper
vfprintf

psapi

EnumProcesses
GetModuleBaseNameA

user32

wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
gethostname
htons
inet_ntoa
recv
send
shutdown
socket

libcrypto-1_1-x64

ASN1_STRING_get0_data
ASN1_STRING_length
ASN1_item_d2i
BIO_ctrl
BIO_free
BIO_new_accept
BIO_new_file
BIO_pop
ERR_error_string
ERR_get_error
OBJ_nid2sn
OBJ_obj2nid
OPENSSL_sk_num
OPENSSL_sk_value
OpenSSL_version
PEM_read_bio_DHparams
RAND_load_file
X509V3_EXT_get
X509_EXTENSION_get_data
X509_EXTENSION_get_object
X509_NAME_get_text_by_NID
X509_NAME_oneline
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_free
X509_get_ext
X509_get_ext_count
X509_get_issuer_name
X509_get_subject_name
X509_verify_cert_error_string

libssl-1_1-x64

OPENSSL_init_ssl
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_options
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_chain_file
SSL_accept
SSL_clear
SSL_free
SSL_get_peer_certificate
SSL_get_shutdown
SSL_get_verify_result
SSL_new
SSL_read
SSL_set_accept_state
SSL_set_bio
SSL_shutdown
SSL_write
TLS_method

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

625ba6ffd588d9d4366b5f9b15bd7045

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

psapi

user32

version

wsock32

libcrypto-1_1-x64

libssl-1_1-x64

Sections

.text Size: 49KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 272B

.rdata Size: 13KB - Virtual size: 13KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 680B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 49KB - Virtual size: 49KB

/31 Size: 7KB - Virtual size: 6KB

/45 Size: 7KB - Virtual size: 6KB

/57 Size: 3KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 804B

/81 Size: 12KB - Virtual size: 11KB

/92 Size: 1KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 272B

.rdata
Size: 13KB - Virtual size: 13KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 680B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 49KB - Virtual size: 49KB

/31
Size: 7KB - Virtual size: 6KB

/45
Size: 7KB - Virtual size: 6KB

/57
Size: 3KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 804B

/81
Size: 12KB - Virtual size: 11KB

/92
Size: 1KB - Virtual size: 1KB