5c3f6879b2163fbed3240ac784be0d98424307ed8dc3d41f32e4130e2a251335

Sharing

Copy URL

Twitter E-mail

General

Target

5c3f6879b2163fbed3240ac784be0d98424307ed8dc3d41f32e4130e2a251335
Size

116KB
MD5

851143b676016be26dd3877db5d51289
SHA1

1490a126def26c9b4d7cb5f3d7a3f30d8852d4e7
SHA256

5c3f6879b2163fbed3240ac784be0d98424307ed8dc3d41f32e4130e2a251335
SHA512

66f475d9b3773e0708562c7f423e3dc1db2ab05b5fb4102b7b7f46639b2bd0affcf89c5577e714f8bb69da0a52feeaeb9195c53f40342c9395c8a1abad5cdae1
SSDEEP

3072:Tm0IT6psnoi8zV/eVLn0ieg3dOAtZqHE8KXzObEJ:Tm0aBWde/egtOAt9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c3f6879b2163fbed3240ac784be0d98424307ed8dc3d41f32e4130e2a251335

Files

5c3f6879b2163fbed3240ac784be0d98424307ed8dc3d41f32e4130e2a251335
.exe windows:4 windows x86

94e12eaaae5bf904f71483c734bb9ae6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersAddresses

wsock32

ntohl
listen
accept
htons
bind
ntohs
send
recv
socket
WSAGetLastError
closesocket
setsockopt
__WSAFDIsSet
select
sendto
recvfrom
WSAStartup
WSACleanup
htonl

comctl32

ord17
ord6

ws2_32

WSAIoctl
WSAAddressToStringA

kernel32

ReleaseMutex
WriteFile
lstrlenA
SetFilePointer
CreateFileA
WaitForSingleObject
GetModuleFileNameA
GetLocalTime
MoveFileA
GetLastError
DeleteFileA
GetFileSize
GetPrivateProfileStringA
WinExec
GlobalAddAtomA
GlobalDeleteAtom
lstrcatA
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
OutputDebugStringA
GetModuleHandleA
Beep
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetTickCount
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
VirtualFree
WaitForMultipleObjects
VirtualAlloc
GetComputerNameA
GetPrivateProfileIntA
lstrcmpA
InterlockedExchange
CreateThread
CreateFileMappingA
lstrcpynA
GetVersionExA
CreateMutexA
MapViewOfFile
lstrcpyA
SetEvent
Sleep
UnmapViewOfFile
OpenEventA
OpenFileMappingA
CloseHandle
GetCurrentThreadId
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalFindAtomA

user32

LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassExA
PostQuitMessage
DrawTextA
DestroyWindow
CreateWindowExA
FindWindowA
DialogBoxParamA
PostMessageA
IsIconic
BeginPaint
GetSystemMetrics
GetClientRect
DefWindowProcA
EndPaint
SetTimer
KillTimer
UpdateWindow
LoadCursorA
SetCursor
GetCursorPos
SetForegroundWindow
LoadMenuA
GetSubMenu
EnableMenuItem
TrackPopupMenu
DestroyMenu
ShowWindow
EnableWindow
SetFocus
LoadIconA
wsprintfA
LoadImageA
GetDlgItem
SetWindowTextA
SendMessageA
LoadStringA
MessageBoxA
ExitWindowsEx
DrawIcon
EndDialog

gdi32

DeleteObject

advapi32

InitializeSecurityDescriptor
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
DeregisterEventSource
ReportEventA
DeleteService
CreateServiceA
RegisterEventSourceA
StartServiceA
ChangeServiceConfigA
OpenProcessToken
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceStatus
ControlService

shell32

Shell_NotifyIconA

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_GetAttributes
HidD_FreePreparsedData
HidD_GetProductString
HidD_SetFeature
HidD_GetFeature
HidD_GetHidGuid
HidD_FlushQueue

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

msvcr80

exit
ftell
malloc
fread
fclose
free
??2@YAPAXI@Z
rand
srand
_time64
_mbsnbcpy
__argc
__argv
_stricmp
vsprintf_s
strncpy
??3@YAXPAX@Z
vsprintf
sprintf
memset
strncmp
strrchr
fseek
fopen
memcpy
_access
__CxxFrameHandler3
_vsnprintf
atoi
sscanf
_except_handler4_common
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_XcptFilter
_ismbblead

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e12eaaae5bf904f71483c734bb9ae6

Headers

File Characteristics

Imports

iphlpapi

wsock32

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

hid

setupapi

msvcr80

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 35KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 35KB

.rsrc
Size: 44KB - Virtual size: 41KB