8864d7c443110ce66d3afbbba74248b7bbad799398664bd0bcf4c47f4c492254

Sharing

Copy URL Twitter E-mail

General

Target

8864d7c443110ce66d3afbbba74248b7bbad799398664bd0bcf4c47f4c492254
Size

4.7MB
MD5

048a8197033d5d9fbaf583f66b8a2a35
SHA1

28681727dbdbae64176c8027aeca326a4720063d
SHA256

8864d7c443110ce66d3afbbba74248b7bbad799398664bd0bcf4c47f4c492254
SHA512

5a917ecac2ebbfc26ab71fac5682c6a549e5c48eef03fa1298fcc8d9a94fa088fc3bd16bd4fc9c02460d1adc8f6bae38a73a8cb8793bb267b32c374cae9e12f1
SSDEEP

49152:aSvwxoI8vKxSL0ByxPns8DDQnLpi8c3xPmUpAlNNW6m+VeFs1qs6odPLzuuTAipw:aSvjBSKPPs8DE91/1m+VeChnNzuQAiO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8864d7c443110ce66d3afbbba74248b7bbad799398664bd0bcf4c47f4c492254

Files

8864d7c443110ce66d3afbbba74248b7bbad799398664bd0bcf4c47f4c492254
.exe windows:6 windows x86

f58353fea48c3015619613c657a8fdf9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
__WSAFDIsSet
inet_ntop
freeaddrinfo
getaddrinfo
WSAAddressToStringW
WSASendTo
WSAGetLastError
WSASetLastError
ntohs
ntohl
htons
htonl
WSACleanup
getnameinfo
WSARecv
connect
gethostname
accept
WSAIoctl
getsockopt
getsockname
getpeername
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStringToAddressW
WSASocketW
WSASend
WSARecvFrom
shutdown
listen
ioctlsocket
bind
sendto
recvfrom
gethostbyname
socket
setsockopt
select
recv
inet_ntoa
inet_addr
WSAStartup

wldap32

ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord145
ord301

kernel32

ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
ResetEvent
AreFileApisANSI
CopyFileW
CreateDirectoryExW
GetWindowsDirectoryW
DeviceIoControl
SetFileTime
DecodePointer
CloseHandle
RaiseException
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
TlsAlloc
TlsFree
GetLocalTime
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
VerSetConditionMask
CreateDirectoryA
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
GetModuleFileNameA
VerifyVersionInfoA
ReadFile
OutputDebugStringA
CreatePipe
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
CreateProcessA
OpenProcess
SetLocalTime
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalUnlock
GlobalLock
lstrlenA
GetStartupInfoA
K32EnumProcessModules
K32GetModuleFileNameExA
Sleep
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
CreateFileA
GetFileSize
LoadResource
LockResource
GlobalFree
FindResourceA
ReleaseMutex
CreateMutexW
ExitProcess
GetNumaHighestNodeNumber
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateMutexA
RtlUnwind
K32GetProcessMemoryInfo
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryExA
SizeofResource
lstrcmpiA
IsDBCSLeadByte
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
GetFileAttributesA
GetFileAttributesExA
GetFileSizeEx
LockFile
RemoveDirectoryA
SetFilePointerEx
UnlockFile
WriteFile
GetTempPathA
GetSystemTimeAsFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReplaceFileA
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
VerifyVersionInfoW
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
FindNextFileW
GetModuleHandleExW
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
DuplicateHandle
TryEnterCriticalSection
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
IsDBCSLeadByteEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualProtect
SetProcessAffinityMask
CreateFileW
DeleteFileW
DeleteTimerQueueTimer
ReleaseSemaphore
InterlockedFlushSList
UnregisterWaitEx
QueryDepthSList
MoveFileA
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
WaitForMultipleObjectsEx
SetConsoleCtrlHandler
ExitThread
ResumeThread
GetSystemInfo
VirtualQuery
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileAttributesW
GetConsoleCP
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
SetStdHandle
FindFirstFileExW
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetCPInfo
CompareStringW
LCMapStringW
MultiByteToWideChar
RtlCaptureStackBackTrace
GetLocaleInfoW

user32

LoadIconA
MonitorFromPoint
GetMessageA
LoadImageA
GetCursorPos
IsDialogMessageA
DestroyIcon
TranslateMessage
TrackPopupMenu
GetSubMenu
DestroyMenu
DestroyWindow
CharNextA
GetProcessWindowStation
DispatchMessageA
LoadMenuA
GetSystemMetrics
EnableWindow
GetActiveWindow
DialogBoxParamA
PostMessageA
GetMessagePos
SetWindowLongA
SetWindowTextA
CreateDialogParamA
MoveWindow
ShowWindow
CreateWindowExA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetFocus
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
GetMonitorInfoA
MonitorFromWindow
GetWindow
GetParent
GetWindowLongA
MapWindowPoints
MessageBoxA
GetWindowRect
GetClientRect
GetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
SetWindowPos
UnregisterClassA
SendMessageA
GetUserObjectInformationW
PeekMessageA
SetMenu
DefWindowProcA
MessageBoxW

advapi32

RegisterEventSourceW
RegQueryInfoKeyW
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ReportEventW
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptSignHashW
CryptEnumProvidersW
DeregisterEventSource

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoTaskMemRealloc
OleRun
CoTaskMemFree
CoTaskMemAlloc
CoInitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
VarUI4FromStr
VariantChangeType
VariantCopy
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocString
VariantClear
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayGetElement
SysFreeString
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData

comctl32

InitCommonControlsEx

mswsock

GetAcceptExSockaddrs
AcceptEx

iphlpapi

GetTcpTable2
SendARP
GetExtendedUdpTable

urlmon

URLDownloadToFileA

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore
CertFindCertificateInStore

dbghelp

MiniDumpWriteDump

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f58353fea48c3015619613c657a8fdf9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

mswsock

iphlpapi

urlmon

crypt32

dbghelp

bcrypt

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 766KB - Virtual size: 765KB

.data Size: 46KB - Virtual size: 69KB

.rsrc Size: 378KB - Virtual size: 377KB

.reloc Size: 158KB - Virtual size: 157KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 766KB - Virtual size: 765KB

.data
Size: 46KB - Virtual size: 69KB

.rsrc
Size: 378KB - Virtual size: 377KB

.reloc
Size: 158KB - Virtual size: 157KB