d215d2f526a510408ed9ed4f434f096bcc4b8cfb63436f962651c743117e7f95

Sharing

Copy URL Twitter E-mail

General

Target

d215d2f526a510408ed9ed4f434f096bcc4b8cfb63436f962651c743117e7f95
Size

615KB
MD5

c5f33bb23a363d8c4e941f56960ef7f2
SHA1

5f62fc69a92c8bf20076da1dd8c5a5b770b78d97
SHA256

d215d2f526a510408ed9ed4f434f096bcc4b8cfb63436f962651c743117e7f95
SHA512

1606c9e1bc3769abd99c44d70197d040374a9b60ba13a9887bf79cfc2b95aca5abb5463a882024ce25f767dcfbc8fe589d1a1559e40df1dba7fa238d143a1467
SSDEEP

12288:i1GOvXyPKc4fkT1LjNFfInBBRcHdCFkX8fcbsRS/mmXNw:iK4fiKq9CxcbEqpw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d215d2f526a510408ed9ed4f434f096bcc4b8cfb63436f962651c743117e7f95

Files

d215d2f526a510408ed9ed4f434f096bcc4b8cfb63436f962651c743117e7f95
.exe windows:6 windows x86

9f48c79701cc15c1fdcfd2a5dcab2202

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htons
ntohl
ntohs
closesocket
getsockname
getsockopt
setsockopt
__WSAFDIsSet
bind
ioctlsocket
htonl
listen
select
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
send
recv
accept
inet_addr
inet_ntoa

winmm

timeGetTime

bti

ipBTI_Terminate
ipBTI_Close
ipBTI_STOP
ipBTI_Initial
ipBTI_GAME
ipBTI_TIME
ipBTI_Open

icuuc38

?getNext@ResourceBundle@icu_3_8@@QAE?AV12@AAW4UErrorCode@@@Z
?getString@ResourceBundle@icu_3_8@@QBE?AVUnicodeString@2@AAW4UErrorCode@@@Z
?hasNext@ResourceBundle@icu_3_8@@QBECXZ
??2UMemory@icu_3_8@@SAPAXI@Z
??3UMemory@icu_3_8@@SAXPAX@Z
?getTerminatedBuffer@UnicodeString@icu_3_8@@QAEPB_WXZ
??1UnicodeString@icu_3_8@@UAE@XZ
?getEnglish@Locale@icu_3_8@@SAABV12@XZ
??0Locale@icu_3_8@@QAE@PBD000@Z
??1Locale@icu_3_8@@UAE@XZ
?setDefault@Locale@icu_3_8@@SAXABV12@AAW4UErrorCode@@@Z
??0ResourceBundle@icu_3_8@@QAE@PBDABVLocale@1@AAW4UErrorCode@@@Z
?getDynamicClassID@ResourceBundle@icu_3_8@@UBEPAXXZ
ucnv_fromUChars_3_8
ucnv_getMaxCharSize_3_8
ucnv_close_3_8
ucnv_open_3_8
?resetIterator@ResourceBundle@icu_3_8@@QAEXXZ
?getKey@ResourceBundle@icu_3_8@@QBEPBDXZ
??1ResourceBundle@icu_3_8@@UAE@XZ

libcrypto-1_1

ERR_print_errors_fp
OPENSSL_init_crypto

libssl-1_1

OPENSSL_init_ssl
TLS_client_method
TLS_server_method
SSL_CTX_set_client_hello_cb
SSL_new
SSL_CTX_check_private_key
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
SSL_set_fd
SSL_CTX_new
SSL_free
SSL_read
SSL_accept
SSL_write

kernel32

WriteConsoleW
CreateFileW
SetStdHandle
CreateProcessA
GetExitCodeProcess
GetTimeZoneInformation
CreateDirectoryW
FindNextFileW
FindFirstFileExW
GetFileAttributesExW
DeleteFileW
ReadConsoleW
LoadLibraryExW
SetFilePointerEx
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleHandleW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ReadFile
AreFileApisANSI
GetModuleHandleExW
IsProcessorFeaturePresent
GetCommandLineA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
RtlUnwind
OutputDebugStringW
IsDebuggerPresent
GetStringTypeW
MultiByteToWideChar
EncodePointer
WideCharToMultiByte
SetEnvironmentVariableA
DecodePointer
CloseHandle
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
Sleep
ExitProcess
TlsGetValue
TlsSetValue
GetTickCount
CreateSemaphoreA
SetConsoleTextAttribute
TlsAlloc
TlsFree
GetStdHandle
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetModuleHandleA
SetConsoleTitleA
CreateThread
GetExitCodeThread
ResumeThread
FreeLibrary
GetVersionExA
GetCurrentThread
SetThreadPriority
GetCurrentProcess
TerminateThread
MoveFileA
GetEnvironmentVariableA
GetCurrentDirectoryA
CreateFileA
DuplicateHandle
SetLastError
SwitchToThread
SuspendThread
GetThreadContext
ReadProcessMemory
GetModuleFileNameA
GetProcAddress
lstrcpynA
lstrlenA
LoadLibraryA
IsBadReadPtr
IsBadWritePtr
OutputDebugStringA
SetEndOfFile
AllocConsole
WriteConsoleA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetConsoleScreenBufferSize

user32

MessageBoxA
SetWindowTextA
KillTimer
SetTimer
SetDlgItemTextA
CreateDialogParamA
ShowWindow
PostQuitMessage
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
GetDlgItem
PostMessageA

oleaut32

SysFreeString
SysAllocString

odbc32

ord75
ord6
ord41
ord51
ord39
ord20
ord45
ord36
ord43
ord16
ord31
ord13
ord11
ord29
ord9
ord8
ord7
ord3
ord24

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f48c79701cc15c1fdcfd2a5dcab2202

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

bti

icuuc38

libcrypto-1_1

libssl-1_1

kernel32

user32

oleaut32

odbc32

iphlpapi

Sections

.text Size: 459KB - Virtual size: 459KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 459KB - Virtual size: 459KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB